Open mbravorus opened 8 years ago
In my understanding Terraform is designed to create user-defined resources. From this point, Terraforming should generate Terraform code of user-defined resources.
Managed Policies are immutable so that Terraform cannot modify them. Additionally, the number of managed policies is so huge.
For these reasons, I decided to omit managed policies from generated result and there is no plan to generate code of managed policies themselves. If you'd like to link policy to role, please write down the name of policy directly.
It is not exactly obvious to me why, but iamrp command only lists user-defined policies attached to roles; if there is a way to import existing attachments of managed AWS policies (such as e.g. EC2 ReadOnly, etc) to my own roles, I can't find it. Is it an omission/oversight or should I consider this a feature request?