How do I configure an AWS IAM policy attachment?
To configure an AWS IAM policy attachment using Pulumi, you need to define an IAM role, an IAM policy, and then attach the policy to the role. This ensures that the role has the permissions specified in the policy. Below is a complete Pulumi program in TypeScript that demonstrates how to do this.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define an IAM role
const iamRole = new aws.iam.Role("exampleRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: "sts:AssumeRole",
                Principal: {
                    Service: "ec2.amazonaws.com",
                },
                Effect: "Allow",
                Sid: "",
            },
        ],
    }),
});

// Define an IAM policy
const iamPolicy = new aws.iam.Policy("examplePolicy", {
    description: "A test policy",
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: [
                    "ec2:Describe*",
                ],
                Effect: "Allow",
                Resource: "*",
            },
        ],
    }),
});

// Attach the policy to the role
const policyAttachment = new aws.iam.RolePolicyAttachment("examplePolicyAttachment", {
    role: iamRole.name,
    policyArn: iamPolicy.arn,
});

// Export the role name and policy ARN
export const roleName = iamRole.name;
export const policyArn = iamPolicy.arn;
```
In this program:
- An IAM role named `exampleRole` is created with a trust policy that allows EC2 to assume the role.
- An IAM policy named `examplePolicy` is created with permissions to describe EC2 resources (`ec2:Describe*` on all resources).
- The policy is attached to the role using a `RolePolicyAttachment` named `examplePolicyAttachment`.
This setup ensures that the role has the permissions specified in the policy.
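Because an attachment grants whatever the policy document says, it is worth linting the documents before they are passed to `aws.iam.Policy` and `aws.iam.Role`. The following is an added example, not part of the original answer or Pulumi's own code; `lintPolicy`, `principalsOf`, the `READ_ONLY` rule and the constructed `broadPolicy` and `openTrust` documents are assumptions of this example.

```typescript
type OneOrMany = string | string[];
interface Statement {
    Sid?: string;
    Effect: "Allow" | "Deny";
    Action?: OneOrMany;
    Resource?: OneOrMany;
    Principal?: "*" | { [kind: string]: OneOrMany };
    Condition?: object;
}
interface PolicyDocument { Version: string; Statement: Statement[]; }

const toList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// Assumption of this example: only Describe*/Get*/List* count as acceptable wildcards.
const READ_ONLY = /^[a-z0-9-]+:(Describe|Get|List)\*$/i;

// Flatten "*" or { Service: ..., AWS: ... } into a list of principal strings.
function principalsOf(s: Statement): string[] {
    const p = s.Principal;
    if (p === undefined) return [];
    if (typeof p === "string") return [p];
    let out: string[] = [];
    for (const kind in p) out = out.concat(toList(p[kind]));
    return out;
}

// Return one finding per over-broad Allow statement; an empty list means the document passed.
function lintPolicy(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    for (let i = 0; i < doc.Statement.length; i++) {
        const s = doc.Statement[i];
        if (s.Effect !== "Allow") continue;
        for (const action of toList(s.Action)) {
            if (action.indexOf("*") !== -1 && !READ_ONLY.test(action))
                findings.push(`Statement ${i}: wildcard action "${action}" is broader than read-only`);
        }
        if (principalsOf(s).indexOf("*") !== -1 && s.Condition === undefined)
            findings.push(`Statement ${i}: any principal can assume the role (no Condition)`);
    }
    return findings;
}

// The two documents from the program above.
const pageTrust: PolicyDocument = { Version: "2012-10-17", Statement: [
    { Sid: "", Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "ec2.amazonaws.com" } }] };
const pagePolicy: PolicyDocument = { Version: "2012-10-17", Statement: [
    { Effect: "Allow", Action: ["ec2:Describe*"], Resource: "*" }] };
// Constructed over-broad variants, for contrast.
const broadPolicy: PolicyDocument = { Version: "2012-10-17", Statement: [
    { Effect: "Allow", Action: ["ec2:*"], Resource: "*" }] };
const openTrust: PolicyDocument = { Version: "2012-10-17", Statement: [
    { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" } }] };
```

In a Pulumi program, call `lintPolicy` on the document object and throw if it returns any findings before passing `JSON.stringify(doc)` to the resource.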