How do I deploy an AWS IAM role policy with Pulumi?
In this guide, we will deploy an AWS IAM role policy using Pulumi. This involves creating an IAM role and attaching a policy to it. We will write the code in TypeScript.
Key Points:
- Define an IAM role with a trust policy.
- Create an IAM role policy.
- Attach the policy to the IAM role.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the IAM role
const role = new aws.iam.Role("myRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Effect: "Allow",
            Sid: "",
        }],
    }),
});

// Define the IAM role policy
const rolePolicy = new aws.iam.RolePolicy("myRolePolicy", {
    role: role.id,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            Effect: "Allow",
            Resource: [
                "arn:aws:s3:::my-bucket",
                "arn:aws:s3:::my-bucket/*"
            ],
        }],
    }),
});

// Export the role name
export const roleName = role.name;
```
Summary
In this guide, we created an IAM role and attached an inline policy to it using Pulumi. The trust policy lets the EC2 service assume the role, and the role policy specifies the actions the role is allowed to perform: listing my-bucket and reading its objects.
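The role policy above lists two actions against two resources in one statement, so two of the four action/resource pairs never match: `s3:ListBucket` applies only to the bucket ARN and `s3:GetObject` only to object ARNs. The lint below is an added example, not part of the original guide or of Pulumi; `lintPolicy` and the action lists are hypothetical names. It checks a policy document before it is passed to `aws.iam.RolePolicy`:

```typescript
// Added example: lint an IAM policy document before deploying it.
// lintPolicy and the action lists are illustrative, not Pulumi or AWS APIs.
type Statement = { Effect: string; Action: string | string[]; Resource: string | string[] };
type PolicyDoc = { Version: string; Statement: Statement[] };

const S3_ARN = "arn:aws:s3:::";
// Partial lists (assumption): extend with the S3 actions your roles use.
const BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"];
const OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"];
const toList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

function lintPolicy(doc: PolicyDoc): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((st, i) => {
    if (st.Effect !== "Allow") return;
    const actions = toList(st.Action);
    const resources = toList(st.Resource);
    actions.filter((a) => /(^|:)\*$/.test(a)) // "*" or "service:*"
      .forEach((a) => findings.push(`statement ${i}: wildcard action ${a}`));
    resources.filter((r) => r === "*" || r === S3_ARN + "*")
      .forEach((r) => findings.push(`statement ${i}: resource ${r} is not scoped to a bucket`));
    for (const a of actions) {
      const bucketOnly = BUCKET_ACTIONS.indexOf(a) !== -1;
      const objectOnly = OBJECT_ACTIONS.indexOf(a) !== -1;
      for (const r of resources) {
        const rest = r.indexOf(S3_ARN) === 0 ? r.slice(S3_ARN.length) : "*";
        // Skip non-S3 ARNs and wildcarded bucket names, which may match either type.
        if (rest.indexOf("/") === -1 && rest.indexOf("*") !== -1) continue;
        const isObjectArn = rest.indexOf("/") !== -1;
        // A bucket-level action never matches an object ARN, and vice versa.
        if ((bucketOnly && isObjectArn) || (objectOnly && !isObjectArn)) {
          findings.push(`statement ${i}: ${a} has no effect on ${r}`);
        }
      }
    }
  });
  return findings;
}

// The guide's policy, and the same grant split so each action meets its resource type.
const guidePolicy: PolicyDoc = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: ["s3:ListBucket", "s3:GetObject"],
    Resource: ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"] }] };
const splitPolicy: PolicyDoc = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: "s3:ListBucket", Resource: "arn:aws:s3:::my-bucket" },
  { Effect: "Allow", Action: "s3:GetObject", Resource: "arn:aws:s3:::my-bucket/*" }] };

console.log(lintPolicy(guidePolicy));
console.log(lintPolicy(splitPolicy));
```

The split form grants the same access as the guide's statement, but each statement reads as exactly what it permits, which makes later edits less likely to widen the grant by accident.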