
How do I configure an AWS IAM policy attachment?

In this guide, we will configure an AWS IAM policy attachment using Pulumi in TypeScript. We will create an IAM role and attach a managed policy to it. This is useful for granting specific permissions to IAM roles, users, or groups.

Steps to Configure an AWS IAM Policy Attachment

  1. Create an IAM Role: Define an IAM role with a trust policy that specifies who can assume the role.
  2. Attach a Managed Policy: Attach a managed policy to the IAM role to grant it specific permissions.

Below is the Pulumi program that accomplishes this:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an IAM Role
const exampleRole = new aws.iam.Role("exampleRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: "sts:AssumeRole",
                Principal: {
                    Service: "ec2.amazonaws.com",
                },
                Effect: "Allow",
                Sid: "",
            },
        ],
    }),
});

// Attach a Managed Policy to the IAM Role
const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("exampleRolePolicyAttachment", {
    role: exampleRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", // Example managed policy
});

// Export the role name and policy attachment
export const roleName = exampleRole.name;
export const rolePolicyAttachmentId = exampleRolePolicyAttachment.id;

Key Points

  • IAM Role: The aws.iam.Role resource creates an IAM role with a specified trust policy.
  • Managed Policy: The aws.iam.RolePolicyAttachment resource attaches a managed policy to the IAM role.
  • Exports: The program exports the IAM role name and the policy attachment ID for reference.
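A pre-deployment check on the two inputs that decide who can assume the role and what it can do: the trust policy and the managed policy ARN. This is an added example, not part of the original guide or of Pulumi's API; `auditRoleInputs`, `principalsOf`, `APPROVED_POLICY_ARNS` and the rule that account principals need a Condition are assumptions made for illustration.

```typescript
// Added example: hypothetical helper names, not part of the Pulumi program above.
type PrincipalMap = { [kind: string]: string | string[] };
interface TrustStatement {
    Effect: string;
    Action: string | string[];
    Principal: "*" | PrincipalMap;
    Condition?: { [operator: string]: unknown };
    Sid?: string;
}
interface TrustPolicy { Version: string; Statement: TrustStatement[]; }

// Assumption: the managed policies this team allows on roles.
const APPROVED_POLICY_ARNS: string[] = ["arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"];

// Flatten a Principal element into [kind, value] pairs, e.g. ["Service", "ec2.amazonaws.com"].
function principalsOf(p: "*" | PrincipalMap): string[][] {
    if (p === "*") return [["*", "*"]];
    const out: string[][] = [];
    for (const kind of Object.keys(p)) {
        const v = p[kind];
        for (const value of Array.isArray(v) ? v : [v]) out.push([kind, value]);
    }
    return out;
}

// Return findings for the values passed to aws.iam.Role and aws.iam.RolePolicyAttachment.
function auditRoleInputs(trust: TrustPolicy, policyArn: string): string[] {
    const findings: string[] = [];
    trust.Statement.forEach((stmt, i) => {
        // Deny statements are skipped; statements with a Condition are left for manual review.
        if (stmt.Effect !== "Allow" || stmt.Condition) return;
        for (const [kind, value] of principalsOf(stmt.Principal)) {
            if (value === "*") findings.push(`Statement[${i}]: any principal may assume the role`);
            // Assumption (house rule): account principals need a Condition.
            else if (kind === "AWS") findings.push(`Statement[${i}]: ${value} has no Condition`);
        }
    });
    if (APPROVED_POLICY_ARNS.indexOf(policyArn) === -1) findings.push(`unapproved policyArn: ${policyArn}`);
    return findings;
}

// The trust policy from the program above, and a constructed over-broad one.
const pageTrust: TrustPolicy = { Version: "2012-10-17", Statement: [
    { Action: "sts:AssumeRole", Principal: { Service: "ec2.amazonaws.com" }, Effect: "Allow", Sid: "" },
] };
const openTrust: TrustPolicy = { Version: "2012-10-17", Statement: [
    { Action: "sts:AssumeRole", Principal: { AWS: "*" }, Effect: "Allow" },
] };
console.log(auditRoleInputs(pageTrust, "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"));
console.log(auditRoleInputs(openTrust, "arn:aws:iam::aws:policy/AdministratorAccess"));
```

To use it with the program above, build the trust policy as an object, fail the deployment if the returned list is non-empty, and only then pass `JSON.stringify` of that object to `assumeRolePolicy`.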

Summary

In this guide, we created an IAM role and attached a managed policy to it using Pulumi in TypeScript. The attachment grants the role the permissions defined in the managed policy, and the role's trust policy determines who can assume it.
