How do I configure an AWS IAM policy?

To configure an Identity and Access Management (IAM) policy in AWS, you’ll need to define the policy’s permissions, write a JSON policy document, and use it to create the policy resource. This example demonstrates how you can achieve this.

Explanation

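  1. Provider Configuration: Start by configuring your AWS provider. The program below declares no explicit provider resource, so it uses the default AWS provider and its configured region and credentials.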
  2. IAM Policy Resource: Define the IAM policy, specifying the name and description for the policy.
  3. Policy Document: Write a JSON document that outlines the permissions. This example grants read-only access to Amazon S3.
  4. Outputs: Export the created policy’s ARN for reference.

Program

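import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Customer-managed IAM policy; the document is passed as a JSON string.
const examplePolicy = new aws.iam.Policy("example_policy", {
    name: "ExamplePolicy",
    description: "A test policy to allow read-only access to S3",
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            // Read objects and list bucket contents.
            Action: [
                "s3:GetObject",
                "s3:ListBucket",
            ],
            Effect: "Allow",
            // "*" applies both actions to every bucket and object in the account.
            Resource: "*",
        }],
    }),
});
// Stack output: the ARN of the created policy.
export const policyArn = examplePolicy.arn;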

In this example, we:

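  1. Configured the AWS provider to use the us-west-2 region. The program declares no provider, so this setting comes from the default provider's configuration (for example the aws:region stack setting), not from the code.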
  2. Created an IAM policy named ExamplePolicy with a description.
  3. Defined the policy’s permissions in JSON format, allowing read-only access to all S3 buckets.
  4. Exported the ARN of the created policy as a stack output for use in other parts of the infrastructure or for verification.

This configuration provides a reusable and scalable way to define IAM policies in your AWS environment.
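
The policy above allows both actions on Resource "*", that is, on every bucket. As an added example (not part of the original answer and not Pulumi's own code), the TypeScript below builds the same read-only access scoped to one bucket and flags Allow statements with a wildcard resource before deployment. The type and function names, the example-bucket name and the reports/ prefix are assumptions, and the ARNs assume the standard aws partition.

```typescript
// Added example; all names here are assumptions, not from the page.
type Statement = {
    Sid?: string;
    Effect: "Allow" | "Deny";
    Action: string | string[];
    Resource: string | string[];
    Condition?: Record<string, Record<string, string[]>>;
};
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

const asArray = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Read-only access to one bucket, optionally limited to a key prefix.
// s3:ListBucket is checked against the bucket ARN and s3:GetObject against
// object ARNs, so each action gets its own statement and resource.
function scopedS3ReadOnly(bucket: string, prefix: string = ""): PolicyDocument {
    const bucketArn = `arn:aws:s3:::${bucket}`; // assumes the "aws" partition
    const list: Statement = {
        Sid: "ListBucket", Effect: "Allow", Action: "s3:ListBucket", Resource: bucketArn,
    };
    if (prefix !== "") {
        // Restrict listing to keys under the prefix.
        list.Condition = { StringLike: { "s3:prefix": [`${prefix}*`] } };
    }
    const get: Statement = {
        Sid: "GetObjects", Effect: "Allow", Action: "s3:GetObject",
        Resource: `${bucketArn}/${prefix}*`,
    };
    return { Version: "2012-10-17", Statement: [list, get] };
}

// Pre-deployment check: describe every Allow statement whose Resource is "*".
function findWildcardAllows(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    doc.Statement.forEach((s, i) => {
        if (s.Effect === "Allow" && asArray(s.Resource).indexOf("*") !== -1) {
            findings.push(`Statement[${i}]: ${asArray(s.Action).join(", ")} allowed on "*"`);
        }
    });
    return findings;
}

// The policy document from the program above, for comparison.
const pagePolicy: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [{ Action: ["s3:GetObject", "s3:ListBucket"], Effect: "Allow", Resource: "*" }],
};
const pageFindings = findWildcardAllows(pagePolicy); // one finding
const scopedFindings = findWildcardAllows(scopedS3ReadOnly("example-bucket", "reports/")); // none
```

To deploy the scoped document, pass JSON.stringify(scopedS3ReadOnly(...)) as the policy argument of aws.iam.Policy in place of the inline document.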
