Class: Terracop::Cop::Aws::IamPolicyAttachment

Inherits:

Base

Object
Base
Terracop::Cop::Aws::IamPolicyAttachment

show all

Defined in:: lib/terracop/cop/aws/iam_policy_attachment.rb

Overview

This cop warns against the use of an evil all encompassing aws_iam_policy_attachment.

Examples:

# bad
resource "aws_iam_policy_attachment" "attach" {
  name       = "test-attachment"
  policy_arn = aws_iam_policy.policy.arn
  users      = [aws_iam_user.user.name]
  roles      = [aws_iam_role.role.name]
  groups     = [aws_iam_group.group.name]
}

# good
resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.policy.arn
}

resource "aws_iam_user_policy_attachment" "attach" {
  user       = aws_iam_user.user.name
  policy_arn = aws_iam_policy.policy.arn
}

resource "aws_iam_group_policy_attachment" "attach" {
  group      = aws_iam_group.user.name
  policy_arn = aws_iam_policy.policy.arn
}

Instance Attribute Summary

Attributes inherited from Base

#attributes, #index, #name, #offenses, #type

Instance Method Summary collapse

#check ⇒ Object

Methods inherited from Base

config, cop_name, #human_name, #initialize, #offense, run

Constructor Details

This class inherits a constructor from Terracop::Cop::Base

Instance Method Details

#check ⇒ `Object`

# File 'lib/terracop/cop/aws/iam_policy_attachment.rb', line 40

def check
  offense('Use aws_iam_role_policy_attachment, ' \
          'aws_iam_user_policy_attachment, or ' \
          'aws_iam_group_policy_attachment instead.')
end

Class: Terracop::Cop::Aws::IamPolicyAttachment

Overview

Examples:

Instance Attribute Summary

Attributes inherited from Base

Instance Method Summary collapse

Methods inherited from Base

Constructor Details

Instance Method Details

#check ⇒ Object

#check ⇒ `Object`