AWS

AWS IAM Roles with Terraform

An IAM role is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. TL;DR: The principal is WHO will be able to access a resource. The policy is WHAT the principals associated with the role will be able to do. The role links the principals, through the assume_role_policy, with the inline policy argument. The attachment links the role to managed policies instead of the inline policy.

Using Terraform for_each to create subnets in AWS VPC

An extended explanation of the differences between for_each, for and count can be found at the link below: https://blog.gruntwork.io/terraform-tips-tricks-loops-if-statements-and-gotchas-f739bbae55f9

The two main drawbacks of using count are:

- It can't be used to loop over inline blocks
- It is difficult to remove an entry from a list because doing so changes the index, and thus Terraform may want to destroy the resource because it has a different index

Below is an example of the variables used to create subnets within AWS VPCs and the main file with the for_each.