policy_arn
The ARN of the created policy. Use this for attaching the policy to IAM entities or referencing in other resources.
Example Value
arn:aws:iam::123456789012:policy/developer-access
Common Use Cases
Attach to IAM Role
resource "aws_iam_role_policy_attachment" "developer" {
  role       = aws_iam_role.developer.name
  policy_arn = module.developer_policy.policy_arn
}
Attach to IAM Group
resource "aws_iam_group_policy_attachment" "developers" {
  group      = aws_iam_group.developers.name
  policy_arn = module.developer_policy.policy_arn
}
Use as Permission Boundary
resource "aws_iam_role" "developer_role" {
  name                 = "developer-role"
  assume_role_policy   = data.aws_iam_policy_document.assume_role.json
  permissions_boundary = module.boundary_policy.policy_arn
}
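A permissions boundary only caps what a role's attached policies can grant, so it is usually paired with a policy that stops delegated administrators from creating roles without it or removing it later. The following is an added example, not part of this module or its documentation; the names require_boundary and delegated-role-admin are hypothetical, and it assumes the aws_iam_group.developers group from the group attachment example above.

```hcl
# Added example. Names such as "require_boundary" and "delegated-role-admin"
# are hypothetical; module.boundary_policy.policy_arn is this page's output.
data "aws_iam_policy_document" "require_boundary" {
  # Roles may be created, or have a boundary set, only with this boundary.
  statement {
    sid       = "CreateRoleOnlyWithBoundary"
    effect    = "Allow"
    actions   = ["iam:CreateRole", "iam:PutRolePermissionsBoundary"]
    resources = ["*"]

    condition {
      test     = "StringEquals"
      variable = "iam:PermissionsBoundary"
      values   = [module.boundary_policy.policy_arn]
    }
  }

  # The boundary cannot be stripped from a role afterwards.
  statement {
    sid       = "DenyBoundaryRemoval"
    effect    = "Deny"
    actions   = ["iam:DeleteRolePermissionsBoundary"]
    resources = ["*"]
  }

  # The boundary policy itself cannot be edited or deleted.
  statement {
    sid    = "DenyBoundaryPolicyChanges"
    effect = "Deny"
    actions = [
      "iam:CreatePolicyVersion",
      "iam:DeletePolicy",
      "iam:DeletePolicyVersion",
      "iam:SetDefaultPolicyVersion",
    ]
    resources = [module.boundary_policy.policy_arn]
  }
}

resource "aws_iam_policy" "delegated_role_admin" {
  name   = "delegated-role-admin"
  policy = data.aws_iam_policy_document.require_boundary.json
}

resource "aws_iam_group_policy_attachment" "delegated_role_admin" {
  group      = aws_iam_group.developers.name
  policy_arn = aws_iam_policy.delegated_role_admin.arn
}
```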
Reference in Another Module
module "ecs_service" {
  source = "..."

  task_role_policy_arns = [
    module.s3_access_policy.policy_arn,
    module.dynamodb_access_policy.policy_arn
  ]
}
Usage
module "access_policy" {
  source  = "registry.patterneddesigns.ca/governance/access-policy/aws"
  version = "0.1.0"
  # ... inputs
}

# Access this output
output "policy_arn" {
  value = module.access_policy.policy_arn
}