#refarch - April 2024

Hi, I'm trying to use the iam-role module to create some custom policy documents to allow an EC2 instance to access an S3 bucket. Can someone provide an example of how the policy_documents and policy_name variables are used?

Do I need to specify the JSON within the yaml file for the IAM role I am creating? Or do I need to create a policy-POLICYNAME.tf file similar to how it's setup for aws-sso ?

https://github.com/cloudposse/terraform-aws-components/tree/main/modules/iam-role#input_policy_documents

Guys, sorry if this is stupid - but what exactly is the role of aws-teams and aws-teams-roles components? If I have aws-sso for users, why would I need teams and team-roles? Or is it just for system roles?
And where in there the system users are created?