policy_document
JSON-formatted policy document generated by the module. Useful for debugging, auditing, or for use in contexts that require raw policy JSON.
The JSON-formatted policy document generated by the module, returned as a string. Useful for debugging, auditing, or for use in contexts that require raw policy JSON.
Example Value
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowServices",
"Effect": "Allow",
"Action": [
"ec2:*",
"s3:*",
"lambda:*"
],
"Resource": "*"
},
{
"Sid": "DenyDangerousActions",
"Effect": "Deny",
"Action": [
"iam:CreateUser",
"organizations:*"
],
"Resource": "*"
}
]
}
Common Use Cases
Policy Validation
# Expose the rendered policy JSON as a root output so it can be read back
# (for example with `terraform output`) and checked before it is attached.
# Points worth checking in the rendered document: wildcard actions,
# "Resource": "*", and whether the Deny statements cover what is intended.
output "policy_for_review" {
  value       = module.developer_policy.policy_document
  description = "Policy document for security review"
}
Inline Policy Usage
# Attach the module's generated JSON to a role as an inline policy.
# The policy argument receives the JSON string unchanged, so the role is
# granted exactly what the module rendered; review that output before applying.
# IAM limits the combined size of a role's inline policies, so a large
# generated document can be rejected at apply time.
resource "aws_iam_role_policy" "inline" {
  role   = aws_iam_role.example.id
  name   = "inline-policy"
  policy = module.access_policy.policy_document
}
Policy Comparison
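# Compare the generated policy with the expected policy.
# Both sides are decoded before comparing, so the result reflects the policy
# content rather than the JSON text: a direct string comparison also reports a
# mismatch for differences in whitespace or key order alone.
# Still strict about structure: list order matters, and a single action given
# as a string does not equal the same action in a one-element list.
# Assumes local.expected_policy holds a JSON string, like the module output;
# confirm where it is defined.
locals {
  policy_matches = (
    jsondecode(module.access_policy.policy_document) == jsondecode(local.expected_policy)
  )
}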
Usage
# Instantiate the access-policy module from the registry.
module "access_policy" {
  source = "registry.patterneddesigns.ca/governance/access-policy/aws"

  # A bare version string is an exact pin, so picking up a newer release of the
  # policy generator is an explicit change that can be reviewed.
  version = "0.1.0"

  # ... inputs
}
# Re-export the module's rendered policy JSON from the calling configuration,
# making it available to `terraform output` and to parent modules.
output "policy_document" {
  value = module.access_policy.policy_document
}