Creating an AWS IAM Service with Pulumi
Create an AWS IAM resource using @pulumi/aws
The @pulumi/aws
library enables fine-grained control over the AWS IAM resource meaning it can be coded, deployed, and managed entirely in code.
const aws = require("@pulumi/aws");
const role = new aws.iam.Role("myrole", {
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Principal: {
Service: "ec2.amazonaws.com"
},
Effect: "Allow",
Sid: ""
}]
})
});
const rolePolicy = new aws.iam.RolePolicy("myrolepolicy", {
role: role,
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [ "ec2:Describe*" ],
Effect: "Allow",
Resource: "*"
}]
})
});
const policy = new aws.iam.Policy("mypolicy", {
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"ec2:Describe*"
],
Effect: "Allow",
Resource: "*"
}]
})
});
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("myrolepolicyattachment", {
role: role,
policyArn: policy.arn
});
const user = new aws.iam.User("myuser");
const group = new aws.iam.Group("mygroup");
const policyAttachment = new aws.iam.PolicyAttachment("mypolicyattachment", {
users: [user],
groups: [group],
roles: [role],
policyArn: policy.arn
});
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.