1. Docs
  2. Clouds
  3. AWS
  4. AWS Guides
  5. Creating an AWS IAM Service with Pulumi

Creating an AWS IAM Service with Pulumi

    Create an AWS IAM resource using @pulumi/aws

    The @pulumi/aws library enables fine-grained control over the AWS IAM resource meaning it can be coded, deployed, and managed entirely in code.

    const aws = require("@pulumi/aws");
    
    const role = new aws.iam.Role("myrole", {
        assumeRolePolicy: JSON.stringify({
            Version: "2012-10-17",
            Statement: [{
                Action: "sts:AssumeRole",
                Principal: {
                    Service: "ec2.amazonaws.com"
                },
                Effect: "Allow",
                Sid: ""
            }]
        })
    });
    
    const rolePolicy = new aws.iam.RolePolicy("myrolepolicy", {
        role: role,
        policy: JSON.stringify({
            Version: "2012-10-17",
            Statement: [{
                Action: [ "ec2:Describe*" ],
                Effect: "Allow",
                Resource: "*"
            }]
        })
    });
    
    const policy = new aws.iam.Policy("mypolicy", {
        policy: JSON.stringify({
            Version: "2012-10-17",
            Statement: [{
                Action: [
                  "ec2:Describe*"
                ],
                Effect: "Allow",
                Resource: "*"
            }]
        })
    });
    
    const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("myrolepolicyattachment", {
        role: role,
        policyArn: policy.arn
    });
    
    const user = new aws.iam.User("myuser");
    
    const group = new aws.iam.Group("mygroup");
    
    const policyAttachment = new aws.iam.PolicyAttachment("mypolicyattachment", {
        users: [user],
        groups: [group],
        roles: [role],
        policyArn: policy.arn
    });
    
      Pulumi AI - What cloud infrastructure would you like to build? Generate Program