Creating an AWS IAM Service with Pulumi
This reference shows how to use Pulumi to define an AWS IAM resource using pure code, which can then be deployed to AWS and managed as infrastructure as code.
What is AWS IAM?

AWS IAM enables you to manage access to AWS services and resources securely. Find out more at AWS here.
Create an AWS IAM resource using @pulumi/aws
The @pulumi/aws library enables fine-grained control over the AWS IAM resource, meaning it can be coded, deployed, and managed entirely in code.
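const aws = require("@pulumi/aws");

// Role with a trust policy: only the EC2 service may assume it.
const role = new aws.iam.Role("myrole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com"
            },
            Effect: "Allow",
            Sid: ""
        }]
    })
});

// Inline policy embedded in the role: read-only EC2 Describe calls.
const rolePolicy = new aws.iam.RolePolicy("myrolepolicy", {
    role: role,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [ "ec2:Describe*" ],
            Effect: "Allow",
            Resource: "*"
        }]
    })
});

// Standalone managed policy that can be attached to several principals.
const policy = new aws.iam.Policy("mypolicy", {
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "ec2:Describe*"
            ],
            Effect: "Allow",
            Resource: "*"
        }]
    })
});

// Attach the managed policy to the role (non-exclusive attachment).
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("myrolepolicyattachment", {
    role: role,
    policyArn: policy.arn
});

const user = new aws.iam.User("myuser");
const group = new aws.iam.Group("mygroup");

// PolicyAttachment manages the policy's attachments exclusively: every user,
// group and role the policy is attached to must be declared in this one
// resource. In a real stack, use either PolicyAttachment or the per-principal
// RolePolicyAttachment for a given policy, not both as shown here.
const policyAttachment = new aws.iam.PolicyAttachment("mypolicyattachment", {
    users: [user],
    groups: [group],
    roles: [role],
    policyArn: policy.arn
});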
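
A pre-deployment check over the policy documents used above, as an added example that is not part of the original page or of the @pulumi/aws API: it flags wildcard actions, `Resource: "*"` and `"*"` principals in the plain objects before they are passed to `JSON.stringify`. The names `auditStatement`, `auditPolicy` and the `openTrust` sample are assumptions made for this illustration.

```javascript
// Added example: review IAM policy documents before JSON.stringify() sees them.
// auditStatement/auditPolicy and openTrust are assumptions for this illustration.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditStatement(stmt, index) {
    const findings = [];
    if (stmt.Effect !== "Allow") return findings; // only Allow statements grant access
    const where = `Statement[${index}]`;
    for (const action of asArray(stmt.Action)) {
        if (action === "*" || action.endsWith(":*")) {
            findings.push(`${where}: action "${action}" grants a whole service or everything`);
        } else if (action.includes("*")) {
            findings.push(`${where}: action "${action}" is a wildcard pattern; list the calls needed`);
        }
    }
    if (stmt.NotAction) findings.push(`${where}: NotAction with Allow grants everything not listed`);
    if (asArray(stmt.Resource).includes("*")) {
        findings.push(`${where}: Resource "*" applies to every resource`);
    }
    // Trust policies: a "*" principal is not limited to one service or account.
    const p = stmt.Principal;
    const principals = typeof p === "string" ? [p] : Object.values(p || {}).flatMap(asArray);
    if (principals.includes("*")) {
        findings.push(`${where}: Principal "*" is not restricted to a service or account`);
    }
    return findings;
}

function auditPolicy(doc) {
    return asArray(doc.Statement).flatMap((s, i) => auditStatement(s, i));
}

// The two documents from the example above, as plain objects.
const trustPolicy = {
    Version: "2012-10-17",
    Statement: [{ Action: "sts:AssumeRole", Principal: { Service: "ec2.amazonaws.com" }, Effect: "Allow", Sid: "" }]
};
const describePolicy = {
    Version: "2012-10-17",
    Statement: [{ Action: ["ec2:Describe*"], Effect: "Allow", Resource: "*" }]
};
// Constructed sample: a trust policy that does not restrict who may assume the role.
const openTrust = {
    Version: "2012-10-17",
    Statement: [{ Action: "sts:AssumeRole", Principal: { AWS: "*" }, Effect: "Allow" }]
};
for (const [name, doc] of Object.entries({ trustPolicy, describePolicy, openTrust })) {
    console.log(name, auditPolicy(doc));
}
```

Findings are prompts for review rather than failures: many EC2 Describe actions do not support resource-level permissions, so `Resource: "*"` can be the only valid value for them.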