## managed_policy_arns

Set of managed policy ARNs to attach to the role.

**AWS managed policies** (recommended for common use cases):

- `arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole`
- `arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy`
- `arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess`
- `arn:aws:iam::aws:policy/CloudWatchLogsFullAccess`

**Customer managed policies** (for custom permissions):

- `arn:aws:iam::123456789012:policy/MyCustomPolicy`

**Best practices:**

- Prefer managed policies over inline policies for reusability
- Use AWS managed policies when they fit your needs
- Create customer managed policies for organization-specific permissions
- Maximum 10 managed policies per role (AWS limit)
## AWS Managed Policies

Common managed policies:

| Policy | Use Case |
|---|---|
| AWSLambdaBasicExecutionRole | Lambda logging |
| AmazonS3ReadOnlyAccess | S3 read access |
| AmazonDynamoDBFullAccess | DynamoDB access |
## Best Practices

- Prefer least-privilege custom policies
- Use managed policies for common AWS services
- Limit the number of attached policies
## Full Module Example

```hcl
module "iam_role" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/iam-role/aws"
  version = "0.1.0"

  # managed_policy_arns: a set of policy ARNs, so the value is a collection, not a single string
  managed_policy_arns = ["..."]

  # Other required inputs
  name = "..."
}
```
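The following is an added example, not code from the module's own documentation, showing how to combine an AWS managed policy with a least-privilege customer managed policy in `managed_policy_arns` and how to guard the 10-policy limit. It assumes the module accepts only the `name` and `managed_policy_arns` inputs shown on this page; the bucket name, policy name and role name are placeholders.

```hcl
# Least-privilege customer managed policy: read access to one bucket only,
# instead of attaching the account-wide AmazonS3ReadOnlyAccess policy.
# "example-orders-bucket" is a placeholder bucket name.
data "aws_iam_policy_document" "orders_read" {
  statement {
    sid       = "ListBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-orders-bucket"]
  }
  statement {
    sid       = "GetObjects"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-orders-bucket/*"]
  }
}

resource "aws_iam_policy" "orders_read" {
  name   = "OrdersBucketRead" # placeholder policy name
  policy = data.aws_iam_policy_document.orders_read.json
}

locals {
  # One AWS managed policy for CloudWatch logging plus the scoped custom policy.
  role_policies = [
    "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
    aws_iam_policy.orders_read.arn,
  ]
}

module "iam_role" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/iam-role/aws"
  version = "0.1.0"

  name                = "lambda-orders" # placeholder role name
  managed_policy_arns = local.role_policies
}

# Fail the plan early if the AWS limit of 10 managed policies per role
# would be exceeded, rather than discovering it at apply time.
check "managed_policy_limit" {
  assert {
    condition     = length(local.role_policies) <= 10
    error_message = "IAM allows at most 10 managed policies per role."
  }
}
```

The `check` block requires Terraform 1.5 or later; on older versions, drop it and rely on the apply-time error from IAM.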