#terraform-aws-modules (2023-02)
Terraform Modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
2023-02-07
![JoseF avatar](https://avatars.slack-edge.com/2023-11-17/6215230659202_ac23db21c0c0c05010a4_72.jpg)
I am trying to set up a admin group that requires to have restriction in kms access/usage (some kinda boundaries to the scope of the group permission), however I am confuse between terraform-aws-iam-role and terraform-aws-iam-policy which should I use and how can I restrict the scope of the admin to not have access to the kms service?
2023-02-10
![Przemek avatar](https://secure.gravatar.com/avatar/c6ab2fd6b14c01c930726f8748b9d5bc.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
Hello!
Maybe someone can advice how to handle issue,
Im using module cloudposse/label/null
to provision tags to resources, but with iam role module cloudposse/iam-role/aws
there is tags generated example
+ tags = {
+ "Name" = "some name"
+ "tag1" = "x"
+ "tag2" = "b"
and many mores, but this Name tag is starting with N and terraform apply is failing with some issue that iam role not supporting this tag, any tip how to change from Name to name ?
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
try to use this variable https://github.com/cloudposse/terraform-null-label/blob/master/variables.tf#L108 - include all tags you want, exclude name
variable "labels_as_tags" {
![Przemek avatar](https://secure.gravatar.com/avatar/c6ab2fd6b14c01c930726f8748b9d5bc.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
ok, and variables tags and labels_as_tags can be together ?
![Przemek avatar](https://secure.gravatar.com/avatar/c6ab2fd6b14c01c930726f8748b9d5bc.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
as Im not sure if I understand it properly, I tried to just labels_as_tags: [] but still all tags appear, how this shall works ? can you advice ?
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
i’m not sure what’s the issue with labels_as_tags
, you can show here your code how you are using it
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
regarding /iam-role/aws
module, maybe try to use this var https://github.com/cloudposse/terraform-aws-iam-role/blob/master/variables.tf#L92
variable "tags_enabled" {
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
also, it’s strange that it does not accept Name
tag, there is a working example here https://github.com/cloudposse/terraform-aws-iam-role/tree/master/examples/complete which uses all the tags, and it gets provisioned on AWS on each PR