Open bflad opened 3 years ago
Given the advice at https://developer.hashicorp.com/terraform/tutorials/aws/aws-iam-policy?in=terraform%2Faws#refactor-your-policy, I'm wondering whether this ticket should skip the middle step of heredoc -> `jsonencode()` and instead convert all heredocs into `aws_iam_policy_document`s? I'm happy to tackle this one once we've reached agreement on approach.
Description
Martin's excellent summary in https://github.com/hashicorp/terraform-provider-aws/pull/16792 explains this best:
This issue is for tracking and replacing other examples, but does not offer any initial future-proofing enforcement solutions.
Affected Files
Changes to these files should be submitted in batches, to prevent delayed reviews and merge conflicts.
website/docs/d/billing_service_account.html.markdown
website/docs/d/cloudtrail_service_account.html.markdown
website/docs/d/ecs_task_definition.html.markdown
website/docs/d/elb_service_account.html.markdown
website/docs/d/kms_ciphertext.html.markdown
website/docs/d/lambda_invocation.html.markdown
website/docs/d/redshift_service_account.html.markdown
website/docs/r/api_gateway_account.html.markdown
website/docs/r/api_gateway_authorizer.html.markdown
website/docs/r/api_gateway_integration.html.markdown
website/docs/r/api_gateway_integration_response.html.markdown
website/docs/r/api_gateway_model.html.markdown
website/docs/r/api_gateway_rest_api_policy.html.markdown
website/docs/r/apigatewayv2_model.html.markdown
website/docs/r/appsync_datasource.html.markdown
website/docs/r/appsync_function.html.markdown
website/docs/r/appsync_graphql_api.html.markdown
website/docs/r/appsync_resolver.html.markdown
website/docs/r/autoscaling_group.html.markdown
website/docs/r/autoscaling_lifecycle_hook.html.markdown
website/docs/r/backup_selection.html.markdown
website/docs/r/backup_vault_policy.html.markdown
website/docs/r/batch_compute_environment.html.markdown
website/docs/r/batch_job_definition.html.markdown
website/docs/r/cloudformation_stack.html.markdown
website/docs/r/cloudformation_stack_set.html.markdown
website/docs/r/cloudfront_realtime_log_config.html.markdown
website/docs/r/cloudtrail.html.markdown
website/docs/r/cloudwatch_composite_alarm.html.markdown
website/docs/r/cloudwatch_dashboard.html.markdown
website/docs/r/cloudwatch_event_archive.html.markdown
website/docs/r/cloudwatch_event_rule.html.markdown
website/docs/r/cloudwatch_event_target.html.markdown
website/docs/r/codeartifact_domain_permissions_policy.html.markdown
website/docs/r/codeartifact_repository_permissions_policy.html.markdown
website/docs/r/codebuild_project.html.markdown
website/docs/r/codebuild_report_group.html.markdown
website/docs/r/codedeploy_deployment_group.html.markdown
website/docs/r/codepipeline.markdown
website/docs/r/cognito_identity_pool_roles_attachment.markdown
website/docs/r/cognito_user_group.html.markdown
website/docs/r/cognito_user_pool_client.markdown
website/docs/r/config_config_rule.html.markdown
website/docs/r/config_configuration_aggregator.html.markdown
website/docs/r/config_configuration_recorder.html.markdown
website/docs/r/config_configuration_recorder_status.html.markdown
website/docs/r/config_conformance_pack.html.markdown
website/docs/r/config_delivery_channel.html.markdown
website/docs/r/dlm_lifecycle_policy.markdown
website/docs/r/dynamodb_table_item.html.markdown
website/docs/r/ecr_lifecycle_policy.html.markdown
website/docs/r/ecr_repository_policy.html.markdown
website/docs/r/ecs_task_definition.html.markdown
website/docs/r/efs_file_system_policy.html.markdown
website/docs/r/eks_cluster.html.markdown
website/docs/r/elasticsearch_domain.html.markdown
website/docs/r/elasticsearch_domain_policy.html.markdown
website/docs/r/emr_cluster.html.markdown
website/docs/r/emr_instance_group.html.markdown
website/docs/r/emr_security_configuration.html.markdown
website/docs/r/flow_log.html.markdown
website/docs/r/fms_policy.html.markdown
website/docs/r/glacier_vault.html.markdown
website/docs/r/glue_crawler.html.markdown
website/docs/r/iam_access_key.html.markdown
website/docs/r/iam_instance_profile.html.markdown
website/docs/r/iam_policy_attachment.html.markdown
website/docs/r/iam_role_policy_attachment.markdown
website/docs/r/iam_server_certificate.html.markdown
website/docs/r/iam_user.html.markdown
website/docs/r/iot_policy_attachment.html.markdown
website/docs/r/iot_role_alias.html.markdown
website/docs/r/iot_topic_rule.html.markdown
website/docs/r/kinesis_firehose_delivery_stream.html.markdown
website/docs/r/kms_ciphertext.html.markdown
website/docs/r/kms_grant.html.markdown
website/docs/r/lambda_function.html.markdown
website/docs/r/lambda_permission.html.markdown
website/docs/r/media_store_container_policy.html.markdown
website/docs/r/mq_configuration.html.markdown
website/docs/r/msk_cluster.html.markdown
website/docs/r/msk_configuration.html.markdown
website/docs/r/msk_scram_secret_association.html.markdown
website/docs/r/opsworks_stack.html.markdown
website/docs/r/organizations_policy.html.markdown
website/docs/r/pinpoint_email_channel.markdown
website/docs/r/pinpoint_event_stream.markdown
website/docs/r/resourcegroups_group.html.markdown
website/docs/r/s3_bucket.html.markdown
website/docs/r/s3_bucket_notification.html.markdown
website/docs/r/secretsmanager_secret_policy.html.markdown
website/docs/r/sfn_state_machine.html.markdown
website/docs/r/sns_topic.html.markdown
website/docs/r/sqs_queue_policy.html.markdown
website/docs/r/ssm_activation.html.markdown
website/docs/r/ssm_document.html.markdown
website/docs/r/ssm_patch_baseline.html.markdown
website/docs/r/ssm_resource_data_sync.html.markdown
website/docs/r/transfer_server.html.markdown
website/docs/r/transfer_ssh_key.html.markdown
website/docs/r/transfer_user.html.markdown
website/docs/r/vpc_endpoint_connection_notification.html.markdown
website/docs/r/xray_encryption_config.html.markdown
References