I am attaching a few managed policies (existing) to an IAM role (existing). I am attaching the policies to the role with aws_iam_role_policy_attachment:
# Attach an existing customer-managed policy to an existing role
resource "aws_iam_role_policy_attachment" "role_logscreate" {
  role       = data.aws_iam_role.qrm_role_ASM_access.name
  policy_arn = "arn:aws:iam::${local.account_id}:policy/pB-CloudWatchLogsCreate"
}
I want to add a "guard condition" that attaches the policy only if it is not already attached to the role. Is it possible in Terraform 0.12?
Update @marcin: we are using a TeamCity pipeline for 1-click deployment of the Terraform resources. Most of the time we are removing the 'all-resources', and at that time we detach these policies from the role as well. But sometimes the cherry-pick approach is used and IAM is not part of that. So there is a possibility that the IAM role still has those policies and it is difficult for TC to detect these changes. So I want to add the guard condition in my Terraform code: "Attach only if not already attached to the IAM role". I hope this gives complete context and clarity on why I want to add these guard conditions.
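As an added example (not part of the question or the asker's pipeline), the following pre-apply step resolves the "already attached" case by reconciling Terraform state instead of skipping the resource: it lists the role's attached policies with the AWS CLI and, if the policy is present but not tracked in state, imports the attachment so `apply` becomes a no-op rather than a duplicate attach. The role name, policy ARN, resource address and account ID are placeholders; the AWS CLI and terraform are assumed to be on PATH.

```shell
#!/bin/sh
# Added example: reconcile an out-of-band IAM policy attachment into
# Terraform state before `terraform apply`. Names below are placeholders.

# is_attached ARN_LIST POLICY_ARN
# ARN_LIST is whitespace-separated, as produced by
#   aws iam list-attached-role-policies --query 'AttachedPolicies[].PolicyArn' --output text
# Returns 0 when POLICY_ARN is in the list, 1 otherwise.
is_attached() {
  for a in $1; do            # intentional word splitting on $1
    [ "$a" = "$2" ] && return 0
  done
  return 1
}

# import_if_attached ROLE_NAME POLICY_ARN RESOURCE_ADDRESS
# Import ID format for aws_iam_role_policy_attachment is ROLE_NAME/POLICY_ARN.
# Importing (rather than skipping with count = 0) keeps the attachment under
# Terraform's control, so a later destroy still removes the permission.
import_if_attached() {
  role="$1"; arn="$2"; addr="$3"
  list=$(aws iam list-attached-role-policies --role-name "$role" \
           --query 'AttachedPolicies[].PolicyArn' --output text)
  if is_attached "$list" "$arn"; then
    # Only import when the address is not already in state.
    terraform state show "$addr" >/dev/null 2>&1 \
      || terraform import "$addr" "$role/$arn"
  fi
}

# Constructed sample output (not a real account) for a dry run of the check.
SAMPLE_LIST="arn:aws:iam::123456789012:policy/pB-CloudWatchLogsCreate
arn:aws:iam::aws:policy/ReadOnlyAccess"

# Example invocation in a pipeline (placeholders):
# import_if_attached "my-role" \
#   "arn:aws:iam::123456789012:policy/pB-CloudWatchLogsCreate" \
#   aws_iam_role_policy_attachment.role_logscreate
```

Run this before `terraform plan` in the pipeline; once the attachment is in state, the resource block in the question needs no guard condition at all.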