Use aws.iam.PolicyDocument for type-safe JSON in AWSTypeScript
Certainly, you can create a type-safe IAM policy document using
aws.iam.PolicyDocument. A PolicyDocument is a statement that defines an AWS IAM policy. It is defined in JSON format and the benefit of using the
aws.iam.PolicyDocumentobject in Pulumi is that it can provide type-safety within your IAM policies.
Here is a simple demonstration on how you might set up an
In this example, the
aws.iam.PolicyDocumentdescribes a policy that allows read access (via the
s3:GetObjectaction) to a specified S3 bucket (you have to replace
CODE_FOR_RESOURCE_ARNwith your specific value).
This policy document can then be used to create an
aws.iam.Policy, which can be attached to users, groups and roles.