How do I modify IAM assume_role_policy in Pulumi?
In this guide, we will demonstrate how to modify an IAM assume_role_policy using Pulumi with TypeScript. We will create an IAM role and update its assume role policy to allow specific AWS services or accounts to assume the role.
Key Points:
- We will create an IAM role.
- We will define and attach an assume role policy to the IAM role.
- The assume role policy will specify which AWS services or accounts are allowed to assume the role.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Original assume role (trust) policy: only the EC2 service may assume the role
const initialAssumeRolePolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [
        {
            Effect: "Allow",
            Principal: {
                Service: "ec2.amazonaws.com"
            },
            Action: "sts:AssumeRole"
        }
    ]
});

// Modified assume role policy: the ECS service and one AWS account may assume the role
const updatedAssumeRolePolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [
        {
            Effect: "Allow",
            Principal: {
                Service: "ecs.amazonaws.com"
            },
            Action: "sts:AssumeRole"
        },
        {
            Effect: "Allow",
            Principal: {
                AWS: "arn:aws:iam::123456789012:root"
            },
            Action: "sts:AssumeRole"
        }
    ]
});

// Create the IAM role. To modify the policy of an existing role, change
// assumeRolePolicy on this same resource (here from initialAssumeRolePolicy to
// updatedAssumeRolePolicy) and run `pulumi up`; the role is updated in place.
// Declaring a second aws.iam.Role would create another role and leave
// "myRole" unchanged.
const role = new aws.iam.Role("myRole", {
    assumeRolePolicy: updatedAssumeRolePolicy
});

// Export the role ARN
export const roleArn = role.arn;
```
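The second statement of the modified policy names an account root, which delegates the decision to that whole account: any identity there that is permitted to call sts:AssumeRole on this role can assume it. As an added example (not part of the original guide and not Pulumi's own code), the hypothetical helper `auditTrustPolicy` flags Allow statements that trust `*` or a whole account with no Condition, so the policy string can be checked before it is passed to `aws.iam.Role`; the `sts:ExternalId` value in the second sample is constructed.

```typescript
// Added example, not from the original page; auditTrustPolicy is a hypothetical helper.
type OneOrMany = string | string[];
type Principal = "*" | { AWS?: OneOrMany; Service?: OneOrMany; Federated?: OneOrMany };
interface Statement { Effect: string; Principal?: Principal; Action: OneOrMany; Condition?: Record<string, unknown> }

const toList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// A bare 12-digit account ID and the account's :root ARN both trust the whole account.
const ACCOUNT_WIDE = /^(\d{12}|arn:aws[\w-]*:iam::\d{12}:root)$/;

// Returns one finding per over-broad Allow statement; an empty array means none found.
function auditTrustPolicy(policyJson: string): string[] {
    const doc = JSON.parse(policyJson) as { Statement: Statement | Statement[] };
    const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
    const findings: string[] = [];
    statements.forEach((st, i) => {
        if (st.Effect !== "Allow" || st.Principal === undefined) return;
        // A non-empty Condition (for example sts:ExternalId) narrows who can use the grant.
        if (st.Condition !== undefined && Object.keys(st.Condition).length > 0) return;
        const awsPrincipals = st.Principal === "*" ? ["*"] : toList(st.Principal.AWS);
        for (const p of awsPrincipals) {
            if (p === "*") findings.push(`Statement ${i}: any AWS principal can assume the role`);
            else if (ACCOUNT_WIDE.test(p)) findings.push(`Statement ${i}: ${p} trusts a whole account with no Condition`);
        }
    });
    return findings;
}

// The modified policy from this guide.
const guidePolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [
        { Effect: "Allow", Principal: { Service: "ecs.amazonaws.com" }, Action: "sts:AssumeRole" },
        { Effect: "Allow", Principal: { AWS: "arn:aws:iam::123456789012:root" }, Action: "sts:AssumeRole" },
    ],
});
// Constructed variant: same account, but the caller must present an agreed external ID.
const scopedPolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [{
        Effect: "Allow", Action: "sts:AssumeRole",
        Principal: { AWS: "arn:aws:iam::123456789012:root" },
        Condition: { StringEquals: { "sts:ExternalId": "example-external-id" } },
    }],
});

console.log(auditTrustPolicy(guidePolicy));
console.log(auditTrustPolicy(scopedPolicy));
```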
Summary
In this guide, we created an IAM role and modified its assume role policy using Pulumi with TypeScript. The assume role policy specifies which AWS services or accounts are allowed to assume the role. We updated the role to allow both the ECS service and a specific AWS account to assume it. This demonstrates how you can manage and update IAM policies programmatically using Pulumi.