From 4a55c75990e0985ca8740d2cdddbc73e95a2992a Mon Sep 17 00:00:00 2001
From: hacker65536
Date: Thu, 23 May 2024 14:55:00 +0900
Subject: [PATCH] fix example
---
 .header.md | 7 +++++--
 README.md | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/.header.md b/.header.md
index e930a20..d13ddca 100644
--- a/.header.md
+++ b/.header.md
@@ -86,10 +86,13 @@ module "aws-iam-identity-center" {
 "arn:aws:iam::aws:policy/AmazonS3FullAccess",
 ]
 inline_policy = data.aws_iam_policy_document.CustomPermissionInlinePolicy.json
- permissions_boundary = {
- // either managed_policy_arn or customer_managed_policy_reference
+ // Only either managed_policy_arn or customer_managed_policy_reference can be specified.
+ // Before using customer_managed_policy_reference, first deploy the policy to the account.
+ // Don't in-place managed_policy_arn to/from customer_managed_policy_reference, delete it once.
+ permissions_boundary = {
 // managed_policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
+
 customer_managed_policy_reference = {
 name = "ExamplePermissionsBoundaryPolicy"
 // path = "/"
diff --git a/README.md b/README.md
index 2f757ab..58158c9 100644
--- a/README.md
+++ b/README.md
@@ -87,10 +87,13 @@ module "aws-iam-identity-center" {
 "arn:aws:iam::aws:policy/AmazonS3FullAccess",
 ]
 inline_policy = data.aws_iam_policy_document.CustomPermissionInlinePolicy.json
- permissions_boundary = {
- // either managed_policy_arn or customer_managed_policy_reference
+ // Only either managed_policy_arn or customer_managed_policy_reference can be specified.
+ // Before using customer_managed_policy_reference, first deploy the policy to the account.
+ // Don't in-place managed_policy_arn to/from customer_managed_policy_reference, delete it once.
+ permissions_boundary = {
 // managed_policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
+
 customer_managed_policy_reference = {
 name = "ExamplePermissionsBoundaryPolicy"
 // path = "/"