Creating a Custom IAM Role in GCP with Pulumi

How do I create a custom IAM role in GCP with Pulumi?

In this guide, we will create a custom IAM role in Google Cloud Platform (GCP) using Pulumi. This custom role will have specific permissions that you define. Pulumi allows you to manage your cloud resources with code, making it easier to automate and manage infrastructure.

Key Points

  • We will use the Pulumi GCP provider to create a custom IAM role.
  • The custom role will be defined with a set of permissions.
  • The role will be created within a specified GCP project.

Steps

  1. Define the GCP project where the custom IAM role will be created.
  2. Specify the permissions that the custom role will have.
  3. Create the custom IAM role using Pulumi.

Below is the Pulumi program written in TypeScript to achieve this:

import * as gcp from "@pulumi/gcp";

// Define the GCP project that will own the custom role
const project = new gcp.organizations.Project("my-project", {
  projectId: "my-gcp-project-id",
  name: "My GCP Project",
  orgId: "your-org-id",
});

// Define the custom IAM role; list only the permissions its holders actually need
const customRole = new gcp.projects.IAMCustomRole("customRole", {
  project: project.projectId,
  roleId: "customRoleId",
  title: "Custom Role",
  description: "A custom role with specific permissions",
  permissions: [
    "storage.buckets.get",
    "storage.objects.list",
    "resourcemanager.projects.get",
  ],
  // Launch stage of the role: ALPHA, BETA, GA, DEPRECATED, DISABLED or EAP
  stage: "GA",
});

// Export the full role name (projects/{project}/roles/{roleId}) so IAM bindings can reference it
export const roleName = customRole.name;

Explanation

  • Project Definition: We start by defining the GCP project using gcp.organizations.Project. This ensures that the custom IAM role is created within this project.
  • Custom Role Definition: We create a custom IAM role using gcp.projects.IAMCustomRole. The permissions property is the array of IAM permissions this role grants, and nothing outside that list; keep it to what the role's holders need.
  • Export: Finally, we export the name of the custom role so that it can be referenced in other parts of your Pulumi stack.
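A pre-deployment review of the role definition above, as an added example that is not part of the original guide and needs no Pulumi runtime: it checks the roleId and permission formats, rejects duplicates, flags permissions that let a holder rewrite IAM policy (and so widen their own access), and then builds the argument object for gcp.projects.IAMCustomRole. The spec type, rule names and the "privilege-escalation" wording are this example's own assumptions.

```typescript
// Least-privilege review of a custom role definition before it is deployed.
// Added example; it is not from the Pulumi page and needs no Pulumi runtime.
type RoleStage = "ALPHA" | "BETA" | "GA" | "DEPRECATED" | "DISABLED" | "EAP";

interface CustomRoleSpec {
  roleId: string;
  title: string;
  permissions: string[];
  stage: RoleStage;
}

// GCP role IDs: letters, digits, underscores and periods, 3 to 64 characters.
const ROLE_ID = /^[A-Za-z0-9_.]{3,64}$/;
// IAM permissions are dotted names such as storage.buckets.get.
const PERMISSION = /^[a-z][a-z0-9]*(\.[A-Za-z0-9]+){2,}$/;

// Returns human-readable findings; an empty list means the spec passed review.
function reviewCustomRole(spec: CustomRoleSpec): string[] {
  const findings: string[] = [];
  if (!ROLE_ID.test(spec.roleId)) findings.push(`invalid roleId "${spec.roleId}"`);
  if (spec.permissions.length === 0) findings.push("role grants no permissions");
  const seen = new Set<string>();
  for (const p of spec.permissions) {
    if (!PERMISSION.test(p)) findings.push(`malformed permission "${p}"`);
    if (seen.has(p)) findings.push(`duplicate permission "${p}"`);
    seen.add(p);
    // setIamPolicy lets a holder rewrite bindings and so widen their own access;
    // flag it for explicit review rather than letting it pass silently.
    if (p.endsWith(".setIamPolicy")) findings.push(`privilege-escalation risk: "${p}"`);
  }
  return findings;
}

// Builds the argument object for gcp.projects.IAMCustomRole, refusing specs
// that did not pass review. Permissions are sorted so plan diffs stay stable.
function toIamCustomRoleArgs(project: string, spec: CustomRoleSpec) {
  const findings = reviewCustomRole(spec);
  if (findings.length > 0) throw new Error(`role ${spec.roleId} rejected: ${findings.join("; ")}`);
  return {
    project,
    roleId: spec.roleId,
    title: spec.title,
    permissions: [...spec.permissions].sort(),
    stage: spec.stage,
  };
}
```

Run reviewCustomRole in a unit test or CI step on every role spec before `pulumi up`, and pass the result of toIamCustomRoleArgs straight into the IAMCustomRole constructor.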

Summary

In this guide, we created a custom IAM role in GCP using Pulumi. We defined the project and specified the permissions for the custom role. This approach helps in managing cloud resources programmatically, ensuring consistency and ease of automation.
