How do I configure an AWS IAM policy?
To configure an Identity and Access Management (IAM) policy in AWS, you’ll need to define the policy’s permissions, write a JSON policy document, and use it to create the policy resource. This example demonstrates how you can achieve this.
Explanation
- Provider Configuration: Start by configuring your AWS provider.
- IAM Policy Resource: Define the IAM policy, specifying the name and description for the policy.
- Policy Document: Write a JSON document that outlines the permissions. This example grants read-only access to Amazon S3.
- Outputs: Export the created policy’s ARN for reference.
Program
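import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Managed IAM policy; "example_policy" is the Pulumi resource name,
// "ExamplePolicy" is the policy name created in AWS.
const examplePolicy = new aws.iam.Policy("example_policy", {
    name: "ExamplePolicy",
    description: "A test policy to allow read-only access to S3",
    // The policy document is passed as a JSON string.
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "s3:GetObject",
                "s3:ListBucket",
            ],
            Effect: "Allow",
            // "*" applies these actions to every bucket and object in the account.
            Resource: "*",
        }],
    }),
});

// Stack output: the ARN of the created policy.
export const policyArn = examplePolicy.arn;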
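In this example, we:
- Configured the AWS provider to use the us-west-2 region. The program does not set the region in code, so this comes from the default provider's configuration (for example, the stack's aws:region setting).
- Created an IAM policy named ExamplePolicy with a description.
- Defined the policy’s permissions in JSON format, allowing read-only access to all S3 buckets (the statement's Resource is "*").
- Exported the ARN of the created policy as a stack output for use in other parts of the infrastructure or for verification.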
This configuration provides a reusable and scalable way to define IAM policies in your AWS environment.
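The program above allows s3:GetObject and s3:ListBucket on every bucket in the account. The following added example (not part of the original answer; the function names and the bucket name are hypothetical) builds the same read-only permissions scoped to a single bucket and flags Allow statements that still use a bare "*" resource.

```typescript
// Added example; function names and the bucket name are hypothetical.
type S3PolicyStatement = {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource: string | string[];
};
type S3PolicyDocument = { Version: "2012-10-17"; Statement: S3PolicyStatement[] };

// Build a read-only policy for one bucket. s3:ListBucket is a bucket-level
// action (bucket ARN); s3:GetObject is object-level (bucket ARN + "/*").
function readOnlyBucketPolicy(bucket: string, partition = "aws"): S3PolicyDocument {
  // Basic shape check only, so wildcards or ARN fragments cannot be smuggled in.
  if (!/^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(bucket)) {
    throw new Error("not a valid S3 bucket name: " + JSON.stringify(bucket));
  }
  const bucketArn = "arn:" + partition + ":s3:::" + bucket;
  return {
    Version: "2012-10-17",
    Statement: [
      { Sid: "ListBucket", Effect: "Allow", Action: "s3:ListBucket", Resource: bucketArn },
      { Sid: "GetObjects", Effect: "Allow", Action: "s3:GetObject", Resource: bucketArn + "/*" },
    ],
  };
}

// Indexes of Allow statements whose Resource contains a bare "*".
function findWildcardResources(doc: S3PolicyDocument): number[] {
  const hits: number[] = [];
  doc.Statement.forEach((s, i) => {
    const resources = Array.isArray(s.Resource) ? s.Resource : [s.Resource];
    if (s.Effect === "Allow" && resources.indexOf("*") !== -1) hits.push(i);
  });
  return hits;
}

// The policy document from the program above, for comparison.
const pagePolicy: S3PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Action: ["s3:GetObject", "s3:ListBucket"], Effect: "Allow", Resource: "*" }],
};
const scopedPolicy = readOnlyBucketPolicy("example-reports-bucket"); // constructed name

console.log("wildcard statements (page policy):", findWildcardResources(pagePolicy));
console.log("wildcard statements (scoped policy):", findWildcardResources(scopedPolicy));
console.log(JSON.stringify(scopedPolicy, null, 2));
```

To use the scoped document in the program, pass JSON.stringify(scopedPolicy) as the policy argument of aws.iam.Policy.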