How do I deploy an AWS IAM role policy with Pulumi?

In this guide, we will deploy an AWS IAM role policy using Pulumi. This involves creating an IAM role and attaching a policy to it. We will write the code in TypeScript.

Key Points:

  • Define an IAM role with a trust policy.
  • Create an IAM role policy.
  • Attach the policy to the IAM role.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the IAM role
const role = new aws.iam.Role("myRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Effect: "Allow",
            Sid: "",
        }],
    }),
});

// Define the IAM role policy
const rolePolicy = new aws.iam.RolePolicy("myRolePolicy", {
    role: role.id,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            Effect: "Allow",
            Resource: [
                "arn:aws:s3:::my-bucket",
                "arn:aws:s3:::my-bucket/*"
            ],
        }],
    }),
});

// Export the role name
export const roleName = role.name;
```

Summary

In this guide, we created an IAM role and attached a policy to it using Pulumi. We defined the trust policy for the IAM role and specified the actions allowed by the role policy. With this setup, the EC2 service can assume the role, and the role policy grants it s3:ListBucket and s3:GetObject on my-bucket.
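
The policy above lists both the bucket ARN and the object ARN because s3:ListBucket is evaluated against the bucket and s3:GetObject against the objects in it. The check below is an added example, not part of the original guide or Pulumi's own code; `lintPolicy`, `PolicyDoc` and the two constructed sample documents are assumptions made for illustration.

```typescript
// Added example: lint an IAM policy document before handing it to aws.iam.RolePolicy.
// PolicyDoc, lintPolicy and the sample documents are hypothetical names for illustration.
type OneOrMany = string | string[];
interface Statement { Effect: string; Action: OneOrMany; Resource: OneOrMany; }
interface PolicyDoc { Version: string; Statement: Statement[]; }
type S3Kind = "bucket" | "object";

const toList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// The two actions used on this page and the S3 resource type each is evaluated against.
const S3_SCOPE: Record<string, S3Kind> = { "s3:ListBucket": "bucket", "s3:GetObject": "object" };

// "arn:aws:s3:::name" is a bucket; "arn:aws:s3:::name/key" is an object.
function s3ArnKind(arn: string): S3Kind | "other" {
    const m = /^arn:aws:s3:::([^/]+)(\/.*)?$/.exec(arn);
    if (!m) return "other";
    return m[2] ? "object" : "bucket";
}

function lintPolicy(doc: PolicyDoc): string[] {
    const findings: string[] = [];
    doc.Statement.forEach((st, i) => {
        if (st.Effect !== "Allow") return; // only Allow statements grant access
        const actions = toList(st.Action);
        const resources = toList(st.Resource);
        actions.filter(a => a.indexOf("*") !== -1)
            .forEach(a => findings.push(`Statement ${i}: wildcard action ${a}`));
        if (resources.indexOf("*") !== -1) findings.push(`Statement ${i}: Resource is "*"`);
        // An action granted only on the wrong resource type is never usable.
        actions.forEach(a => {
            const need = S3_SCOPE[a];
            if (need && !resources.some(r => r === "*" || s3ArnKind(r) === need)) {
                findings.push(`Statement ${i}: ${a} has no ${need} ARN in Resource`);
            }
        });
    });
    return findings;
}

// The policy from this page: bucket ARN for ListBucket, object ARN for GetObject.
const pagePolicy: PolicyDoc = { Version: "2012-10-17", Statement: [{ Effect: "Allow",
    Action: ["s3:ListBucket", "s3:GetObject"],
    Resource: ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"] }] };
// Constructed variant that drops the bucket ARN, so s3:ListBucket is not granted.
const missingBucketArn: PolicyDoc = { Version: "2012-10-17", Statement: [{ Effect: "Allow",
    Action: ["s3:ListBucket", "s3:GetObject"], Resource: ["arn:aws:s3:::my-bucket/*"] }] };
// Constructed over-broad variant.
const overBroad: PolicyDoc = { Version: "2012-10-17", Statement: [{ Effect: "Allow",
    Action: "s3:*", Resource: "*" }] };
```

In a Pulumi program, call `lintPolicy` on the policy object before `JSON.stringify` and throw if it returns any findings, so the deployment stops before the policy is created.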
