wiki.getshifting.com

--- Sjoerd Hooft's InFormation Technology ---


Terraform and AWS IAM

Summary: IAM policies can be troublesome to configure with terraform, but luckily you can use the AWS web console to configure the policy with all the permissions you need. Read on to find out how to deploy them with terraform.
Date: Around 2019
Refactor: 13 January 2025: Checked links and formatting.

When working with policies it's best to create the JSON policy file using the console. You can go to IAM, go to policies, create a policy, configure it, and when you've added all the permissions you need, go to the JSON tab.

We'll use this one as an example, a policy that allows all EC2 actions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*"
        }
    ]
}

Use in Terraform

You can use this policy in terraform by creating a new policy resource and attaching it to a user. Here's an example:

main.tf
provider "aws" {
    profile = "terraform"
}
resource "aws_iam_user" "myUser" {
    name = "Sjoerd"
}
resource "aws_iam_policy" "customPolicy" {
    name = "EC2AllOfIt"
    # The policy JSON is passed in as a heredoc; the closing EOF marker must be on a line of its own
    policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*"
        }
    ]
}
EOF
}
resource "aws_iam_policy_attachment" "policyBind" {
    name = "attachment"
    # users is a list argument, so it needs the "=" assignment
    users = [aws_iam_user.myUser.name]
    policy_arn = aws_iam_policy.customPolicy.arn
}

This will create a new user, a new policy, and attach the policy to the user. The user will now have all EC2 permissions.
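As an added example (not code from the original page), the same setup can be written without pasting JSON into a heredoc: the aws_iam_policy_document data source renders the policy to JSON for you, and aws_iam_user_policy_attachment attaches it to this one user without the exclusive behaviour of aws_iam_policy_attachment, which detaches the policy from every other user, group or role it was attached to outside Terraform. It assumes an AWS CLI profile named "terraform" exists, and reuses the page's sample user name "Sjoerd" and policy name "EC2AllOfIt".

```hcl
# Added example, not part of the original page.
# Assumptions: an AWS CLI profile named "terraform" exists; the user and
# policy names are the page's own sample values.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  profile = "terraform"
}

resource "aws_iam_user" "myUser" {
  name = "Sjoerd"
}

# Terraform renders this block to the same JSON document the console produced
# (Version 2012-10-17, one Allow statement for ec2:* on all resources).
# Narrowing the permissions later is a change to the actions list, not to a
# hand-edited JSON string.
data "aws_iam_policy_document" "ec2_all" {
  statement {
    sid       = "VisualEditor0"
    effect    = "Allow"
    actions   = ["ec2:*"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "customPolicy" {
  name   = "EC2AllOfIt"
  policy = data.aws_iam_policy_document.ec2_all.json
}

# Attaches the policy to this user only; other attachments of the same policy
# are left alone, unlike aws_iam_policy_attachment.
resource "aws_iam_user_policy_attachment" "policyBind" {
  user       = aws_iam_user.myUser.name
  policy_arn = aws_iam_policy.customPolicy.arn
}

# Lets you inspect the rendered JSON with: terraform output ec2_policy_json
output "ec2_policy_json" {
  value = data.aws_iam_policy_document.ec2_all.json
}
```

Run terraform init and terraform plan to see the rendered policy before anything is created; comparing the output with the JSON from the console tab is a quick check that the data source expresses exactly the permissions you configured there.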
