How do I deploy an AWS IAM role?
Overview
To deploy an AWS Identity and Access Management (IAM) role with an Infrastructure-as-Code (IaC) approach, you define the role, its trust policy, and its permissions in a program. This example creates an IAM role and attaches a policy that allows the role to perform specific actions within AWS.
Detailed Explanation
In this example, we’ll create an AWS IAM role with the following components:
- IAM Role: The main resource that defines the role with a trust relationship.
- IAM Policy: This policy will specify the permissions associated with the role.
- IAM Role Policy Attachment: This will attach the policy to the role.
Explanation of Resources
- aws_iam_role: This resource creates the IAM role with a trust relationship policy allowing it to be assumed by a specific service or AWS account.
- aws_iam_policy: Defines the permissions the role will have.
- aws_iam_role_policy_attachment: Attaches the policy to the role to apply the defined permissions.
Program
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// IAM role whose trust policy lets the EC2 service assume it.
const example = new aws.iam.Role("example", {
    name: "example-role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Effect: "Allow",
            Sid: "",
        }],
    }),
});

// Permissions policy: EC2 Describe* and S3 List* actions on all resources.
const examplePolicy = new aws.iam.Policy("example_policy", {
    name: "example_policy",
    description: "An example policy",
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "ec2:Describe*",
                "s3:List*",
            ],
            Effect: "Allow",
            Resource: "*",
        }],
    }),
});

// Attach the policy to the role so the permissions take effect.
const example_attachment = new aws.iam.RolePolicyAttachment("example-attachment", {
    role: example.name,
    policyArn: examplePolicy.arn,
});

// Stack outputs.
export const roleName = example.name;
export const policyArn = examplePolicy.arn;
```
Key Points
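- IAM Role: Configured to be assumed by EC2 instances. To use the role on an instance, EC2 also requires an instance profile, which this program does not create.
- IAM Policy: Grants the `ec2:Describe*` and `s3:List*` actions on all resources (`Resource: "*"`), which covers describing EC2 resources and listing S3 buckets and their contents.
- Role Attachment: Attaches the policy to the IAM role, which applies the permissions.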
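A pre-deployment check for the two policy documents in the program above, as an added example that is not part of the original page or Pulumi's own code. The names `auditPolicy`, `asList` and `scopedPolicy` are hypothetical, and the bucket ARN is a constructed placeholder.

```typescript
// Added example: flag wildcards in IAM policy documents before deployment.
type OneOrMany = string | string[];
interface Statement {
    Sid?: string;
    Effect: string;
    Action: OneOrMany;
    Resource?: OneOrMany;
    Principal?: "*" | { [kind: string]: OneOrMany };
}
interface PolicyDocument { Version: string; Statement: Statement[]; }
function asList(v: OneOrMany | undefined): string[] {
    return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// Returns one finding per wildcard found in an Allow statement.
function auditPolicy(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    doc.Statement.forEach((s, i) => {
        if (s.Effect !== "Allow") return;
        for (const action of asList(s.Action)) {
            if (action.indexOf("*") !== -1) findings.push(`statement ${i}: wildcard action ${action}`);
        }
        if (asList(s.Resource).indexOf("*") !== -1) findings.push(`statement ${i}: Resource "*"`);
        const p = s.Principal;
        const principals: string[] = [];
        if (p === "*") principals.push("*");
        else if (p !== undefined) for (const k of Object.keys(p)) principals.push(...asList(p[k]));
        if (principals.indexOf("*") !== -1) findings.push(`statement ${i}: any principal can assume the role`);
    });
    return findings;
}

// The two documents from the program above.
const trustPolicy: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [{ Sid: "", Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "ec2.amazonaws.com" } }],
};
const permissionPolicy: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: ["ec2:Describe*", "s3:List*"], Resource: "*" }],
};
// Narrowed variant; the bucket name is a constructed placeholder.
const scopedPolicy: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: "s3:ListBucket", Resource: "arn:aws:s3:::example-bucket" }],
};

console.log(auditPolicy(permissionPolicy));
```

Some actions accept only `Resource: "*"`, so treat each finding as a prompt for review rather than a defect.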
Summary
In this guide, we detailed how to deploy an AWS IAM role, covering the trust policy, the permissions defined in an IAM policy, and the role-policy attachment. This setup gives the role the permissions it needs. The example policy uses wildcard actions on `Resource: "*"`; to follow IAM best practices, narrow both to what the workload requires.