Question: How to create an IAM policy using hclwrite
Hello
We are trying to create Terragrunt files programmatically with hclwrite and are having some difficulty writing IAM policies. What I am trying to achieve is this terragrunt.hcl file for an S3 bucket.
- How can I create the policy and add it to the inputs as an attribute?
# Pull in the parent Terragrunt configuration; find_in_parent_folders()
# resolves its path by searching the parent directories.
include {
  path = find_in_parent_folders()
}
# Values reused further down in this file.
locals {
  # Shared settings decoded from the common_vars.yaml found in a parent folder;
  # this file reads its namespace and environment keys.
  common_vars = yamldecode(file(find_in_parent_folders("common_vars.yaml")))

  # Short bucket name; it is the last segment of both the bucket name and the
  # policy Resource ARN in the inputs.
  name = "product-images"
}
# Module that Terragrunt runs for this unit. The double slash separates the
# directory that gets copied from the module path inside it.
terraform {
  source = "../../../../common//terragrunt-base/modules/terraform-aws-s3-bucket"
}
# Inputs passed to the S3 bucket module.
inputs = {
  # Bucket name built from namespace, environment and the local short name.
  bucket = "${local.common_vars.namespace}-${local.common_vars.environment}-${local.name}"

  # Bucket policy, supplied as a JSON string through a heredoc.
  # Principal "*" with s3:GetObject on "<bucket>/*" lets anyone read every
  # object in the bucket without authentication, so only content meant to be
  # public belongs here. The encryption setting below does not limit this:
  # S3 decrypts objects transparently for any permitted reader.
  # The Resource ARN repeats the bucket-name expression above; the two must
  # stay identical or the statement stops matching the bucket.
  # NOTE(review): if S3 Block Public Access is enabled for the account or the
  # bucket, a public policy like this one is rejected - confirm which is intended.
  policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::${local.common_vars.namespace}-${local.common_vars.environment}-${local.name}/*"
}
]
}
EOF

  # CORS: browsers may send cross-origin PUT requests with a Content-Type
  # header from http://localhost on any port. CORS is enforced by the browser
  # only and is not an access control; the bucket policy and IAM decide who
  # can actually write.
  # NOTE(review): a localhost origin looks like a development setting -
  # confirm it is not applied to production environments.
  cors_rule = [
    {
      allowed_headers = ["Content-Type"]
      allowed_methods = ["PUT"]
      allowed_origins = ["http://localhost:*"]
    }
  ]

  # Default encryption at rest with S3-managed keys (SSE-S3, "AES256").
  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }
  }
}