Terraform module with an object of AWS policy actions allowed in policy documents.

mycarrysun/terraform-aws-policy-actions

terraform-aws-policy-actions

A Terraform module that outputs all AWS policy actions by service name as string constants.

Why use this module?

There is currently no out-of-the-box way to reference an action for a service in a Terraform policy document without writing the action string yourself. In most programming languages that is considered bad practice compared with using named string constants. This module provides string constants for all AWS policy actions.

How it's generated

The actions list is sourced from TryTryAgain/aws-iam-actions-list which maintains an up-to-date list of all AWS IAM actions.

A GitHub Action runs daily to check for updates and automatically creates a PR when new actions are available.

The JSON file is parsed by a Python script that generates a Terraform output in this format:

output "effects" {
  description = "All effects allowed in an AWS Policy"
  value       = {
    Allow = "Allow"
    Deny  = "Deny"
  }
}

output "actions" {
  description = "An object with all AWS policy actions separated by service"
  value       = {
    a2c = {
      AllActions                    = "a2c:*"
      GetContainerizationJobDetails = "a2c:GetContainerizationJobDetails"
      GetDeploymentJobDetails       = "a2c:GetDeploymentJobDetails"
      StartContainerizationJob      = "a2c:StartContainerizationJob"
      StartDeploymentJob            = "a2c:StartDeploymentJob"
    }
    a4b = {
      AllActions                        = "a4b:*"
      ApproveSkill                      = "a4b:ApproveSkill"
      AssociateContactWithAddressBook   = "a4b:AssociateContactWithAddressBook"
      AssociateDeviceWithNetworkProfile = "a4b:AssociateDeviceWithNetworkProfile"
      AssociateDeviceWithRoom           = "a4b:AssociateDeviceWithRoom"
      AssociateSkillGroupWithRoom       = "a4b:AssociateSkillGroupWithRoom"
      AssociateSkillWithSkillGroup      = "a4b:AssociateSkillWithSkillGroup"
      AssociateSkillWithUsers           = "a4b:AssociateSkillWithUsers"
    }
    // other service and actions omitted for brevity
  }
}
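To make the generation step concrete, the following is an added example of how a Python generator can turn a list of "service:Action" strings into the output block shown above. It is not the project's own generator script, and the upstream JSON layout from TryTryAgain/aws-iam-actions-list is not shown on this page, so the input shape (a flat JSON array of "service:Action" strings) and the function names are assumptions; the constructed sample includes a duplicate entry to show it is collapsed, and every key is checked against the HCL identifier rules before it is emitted so a malformed upstream entry fails the build instead of producing an unparseable module.

```python
import json
import re
from collections import defaultdict

# Constructed sample input. The real upstream JSON layout is not shown on the
# page, so this flat "service:Action" array is an assumption; adapt load_actions
# to the real file if its shape differs.
SAMPLE_JSON = json.dumps([
    "a2c:GetContainerizationJobDetails",
    "a2c:StartContainerizationJob",
    "s3:GetObject",
    "s3:DeleteBucket",
    "s3:GetObject",   # deliberate duplicate; must be collapsed
])

# Bare keys in an HCL object constructor must be identifiers: a letter or
# underscore followed by letters, digits, underscores or hyphens.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_-]*$")


def load_actions(raw_json: str) -> dict[str, set[str]]:
    """Group 'service:Action' strings by service, dropping duplicates and
    any explicit 'service:*' entries (the wildcard is emitted once per
    service as AllActions by render_outputs)."""
    by_service: dict[str, set[str]] = defaultdict(set)
    for entry in json.loads(raw_json):
        service, _, action = entry.partition(":")
        if not service or not action or action == "*":
            continue
        by_service[service].add(action)
    return dict(by_service)


def hcl_map(pairs: list[tuple[str, str]], indent: int) -> list[str]:
    """Render key = "value" lines with the '=' aligned, as terraform fmt does."""
    width = max(len(key) for key, _ in pairs)
    pad = " " * indent
    return [f'{pad}{key.ljust(width)} = "{value}"' for key, value in pairs]


def render_outputs(by_service: dict[str, set[str]]) -> str:
    """Produce the effects and actions output blocks as HCL text."""
    lines = [
        'output "effects" {',
        '  description = "All effects allowed in an AWS Policy"',
        '  value       = {',
        *hcl_map([("Allow", "Allow"), ("Deny", "Deny")], 4),
        '  }',
        '}',
        '',
        'output "actions" {',
        '  description = "An object with all AWS policy actions separated by service"',
        '  value       = {',
    ]
    for service in sorted(by_service):
        if not IDENT_RE.match(service):
            raise ValueError(f"service {service!r} is not a valid HCL attribute name")
        # AllActions is the per-service wildcard, exactly like the page's output.
        pairs = [("AllActions", f"{service}:*")]
        for action in sorted(by_service[service]):
            if not IDENT_RE.match(action):
                raise ValueError(f"action {action!r} is not a valid HCL attribute name")
            pairs.append((action, f"{service}:{action}"))
        lines.append(f"    {service} = {{")
        lines.extend(hcl_map(pairs, 6))
        lines.append("    }")
    lines += ["  }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_outputs(load_actions(SAMPLE_JSON)), end="")
```

Running the script prints the two output blocks for the sample services. Note that the generated AllActions constant resolves to the "service:*" wildcard, so using it in a policy grants every action of that service, just as typing the wildcard string by hand would; the constant removes typos, not the breadth of the grant.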

Usage

module "aws-policy-actions" {
  source  = "mycarrysun/policy-actions/aws"
  version = "~> 1.0.0"
}

resource "aws_s3_bucket" "example" {
  # The S3 resource takes `bucket`, and bucket names cannot contain underscores.
  bucket = "example-bucket"
}

data "aws_iam_policy_document" "example" {
  # effect, actions and resources belong inside a statement block.
  statement {
    effect = module.aws-policy-actions.effects.Allow
    actions = [
      module.aws-policy-actions.actions.s3.DeleteBucket,
      module.aws-policy-actions.actions.s3.GetBucketLocation,
      module.aws-policy-actions.actions.s3.GetObject,
    ]
    resources = [aws_s3_bucket.example.arn]
  }
}
