Class: Terracop::Cop::Aws::IamInlinePolicy

Inherits:
Base
  • Object
Defined in:
lib/terracop/cop/aws/iam_inline_policy.rb

Overview

This cop warns against the use of inline group/role/user policies. Inline policies tend to be copy-pasted, sometimes with minor changes, and are not shown in the "Policies" tab of AWS IAM.

Examples:

# bad
resource "aws_iam_role" "role" { }

resource "aws_iam_role_policy" "policy" {
  role = aws_iam_role.role.id
  name = "policy"

  policy = <some policy>
}

# good
resource "aws_iam_role" "role" { }

resource "aws_iam_policy" "policy" {
  name = "test-policy"

  policy = <some policy>
}

resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.policy.arn
}

Instance Attribute Summary

Attributes inherited from Base

#attributes, #index, #name, #offenses, #type

Instance Method Summary

Methods inherited from Base

config, cop_name, #human_name, #initialize, #offense, run

Constructor Details

This class inherits a constructor from Terracop::Cop::Base

Instance Method Details

#check ⇒ Object

# File 'lib/terracop/cop/aws/iam_inline_policy.rb', line 41

def check
  # `type` is the Terraform resource type this cop is run against,
  # e.g. "aws_iam_role_policy"; capture the IAM entity kind
  # ("role", "user" or "group") so the message names the matching
  # attachment resource.
  entity = type.scan(/aws_iam_(.+)_policy/).first.first
  offense("Use aws_iam_#{entity}_policy_attachment instead of " \
          "attaching inline policies with aws_iam_#{entity}_policy.")
end
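The following is an added, stand-alone illustration of the check above (it is not Terracop's own code) that covers both the Overview examples and the #check method. It runs the same entity extraction and message construction over a constructed list of Terraform resource blocks, flagging the inline aws_iam_role_policy / aws_iam_user_policy / aws_iam_group_policy resources while leaving the managed aws_iam_policy and the attachment resource alone. The resource list, the anchored regex and the helper names (inline_policy_entity, offense_message, inline_policy_offenses) are assumptions made for this example; Terracop's Base class is assumed to restrict the real cop to the inline-policy resource types, which is why its own regex can be unanchored.

```ruby
# Added example, not part of Terracop. Anchoring the pattern means that
# "aws_iam_policy" (no entity segment) and "aws_iam_role_policy_attachment"
# (the recommended replacement) are never reported as inline policies.
INLINE_POLICY_TYPE = /\Aaws_iam_(role|user|group)_policy\z/.freeze

# Constructed sample input: each hash stands for one Terraform resource
# block (type and label), mirroring the "bad" and "good" examples above.
RESOURCES = [
  { type: 'aws_iam_role',                   name: 'role' },
  { type: 'aws_iam_role_policy',            name: 'policy' },      # inline -> offense
  { type: 'aws_iam_user_policy',            name: 'user_inline' }, # inline -> offense
  { type: 'aws_iam_policy',                 name: 'managed' },     # managed policy, fine
  { type: 'aws_iam_role_policy_attachment', name: 'attach' },      # attachment, fine
].freeze

# Returns "role", "user" or "group" for an inline-policy resource type,
# nil for anything else.
def inline_policy_entity(type)
  m = INLINE_POLICY_TYPE.match(type)
  m && m[1]
end

# Same wording as the cop's offense message.
def offense_message(entity)
  "Use aws_iam_#{entity}_policy_attachment instead of " \
    "attaching inline policies with aws_iam_#{entity}_policy."
end

# Walks the resource list and collects one offense per inline policy.
def inline_policy_offenses(resources)
  resources.filter_map do |res|
    entity = inline_policy_entity(res[:type])
    next unless entity

    { resource: "#{res[:type]}.#{res[:name]}", message: offense_message(entity) }
  end
end

if $PROGRAM_NAME == __FILE__
  inline_policy_offenses(RESOURCES).each do |o|
    puts "#{o[:resource]}: #{o[:message]}"
  end
end
```

Running the script prints two offenses, one for aws_iam_role_policy.policy and one for aws_iam_user_policy.user_inline; the managed policy and the attachment produce none.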