# IAM Policy with dynamic actions and resources
resource "aws_iam_policy" "policy" {
  name        = var.policy_name
  description = var.policy_description

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      merge(
        {
          Effect   = "Allow"
          Action   = var.actions
          Resource = var.resources
        },
        var.conditions != null ? { Condition = var.conditions } : {}
      )
    ]
  })

  tags = var.tags
}