
How to declare an AWS IAM Assume Role Policy in Terraform from a JSON file?

I'd like to provision for an AWS IAM Role its Assume Role Policy using Terraform. I already have the policy declared as a JSON file.

From documentation I understand that the module aws_iam_role is what provisions an IAM Role but as I read from the note:

The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws_iam_policy resource. However, it can use an aws_iam_policy_document data source. See the example above of how this works.

Which means I'm tied to the IAM Policy declaration according to the aws_iam_policy_document syntax (which itself requires me to manually convert it into another format), but I don't see how I can import the policy from a JSON file instead to create the IAM Role I need. The reason behind this is that the policy is quite broad and I'd like it to be in a separate JSON file.

Can anyone advise on how to declare an IAM Role with a Policy declared in a JSON file?

Vzzarr asked Dec 06 '25 06:12


1 Answer

In the aws_iam_role documentation page there is no example that shows how to load a policy from a JSON file but this works for me:

resource "aws_iam_role" "my_role" {
  name               = "my_role"
  assume_role_policy = file("${path.module}/my/path/my_policy.json")
}
Vzzarr answered Dec 08 '25 21:12
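
A pre-apply check for the JSON file passed to file() in the answer above, added here as an example that is not part of the original post: file() hands the text to assume_role_policy unvalidated, so this Python check flags the ways a trust policy differs from a standard IAM policy (Principal required, Resource prohibited) and an unconditioned wildcard principal. The function name, the action allow-list and the sample policies are assumptions constructed for illustration.

```python
import json

# Actions normally seen in a role trust policy (assumed allow-list; extend as needed).
TRUST_ACTIONS = {
    "sts:AssumeRole", "sts:AssumeRoleWithSAML", "sts:AssumeRoleWithWebIdentity",
    "sts:TagSession", "sts:SetSourceIdentity",
}

# Constructed samples: a valid trust policy, an identity-style policy, a wildcard trust.
GOOD = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
        '"Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}')
IDENTITY_STYLE = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
                  '"Action":"s3:GetObject","Resource":"*"}]}')
WILDCARD = ('{"Version":"2012-10-17","Statement":{"Effect":"Allow",'
            '"Principal":{"AWS":"*"},"Action":"sts:AssumeRole"}}')

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and principals.
    return value if isinstance(value, list) else [value]

def lint_trust_policy(text):
    """Return findings for a trust policy JSON string; an empty list means OK."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict) or "Statement" not in doc:
        return ["missing Statement"]
    findings = []
    for i, stmt in enumerate(_as_list(doc["Statement"])):
        where = f"Statement[{i}]"
        if "Resource" in stmt:
            findings.append(f"{where}: Resource is not allowed in a trust policy")
        if "Principal" not in stmt:
            findings.append(f"{where}: Principal is required")
        for action in _as_list(stmt.get("Action", [])):
            if action not in TRUST_ACTIONS:
                findings.append(f"{where}: unexpected action {action}")
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            findings.append(f"{where}: any AWS principal may assume this role")
    return findings
```

Run it in CI against the same file that file() reads, and fail the pipeline when the returned list is not empty.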