AWS IAM v0.0.3, Jun 1 22

aws-iam.GroupWithPolicies

Explore with Pulumi AI

This resources allows you to create an IAM group with specified IAM policies, and then add specified users into your created group.

Example Usage

using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        var groupWithPolicies = new GroupWithPolicies("group-with-policies", new GroupWithPoliciesArgs
        {
            Name = "superadmins",
            GroupUsers = {"user1", "user2"},
            AttachIamSelfManagementPolicy = true,
            CustomGroupPolicyArns = {"arn:aws:iam::aws:policy/AdministratorAccess"},
            CustomGroupPolicies = new InputList<ImmutableDictionary<string, string>>
            {
                ImmutableDictionary.Create<string, string>()
                    .Add("name", "AllowS3Listing")
                    .Add("policy", "{}"),
            },
        });

        this.GroupWithPolicies = Output.Create<GroupWithPolicies>(groupWithPolicies);
    }

    [Output]
    public Output<GroupWithPolicies> GroupWithPolicies { get; set; }
}

package main

import (
    iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        groupWithPolicies, err := iam.NewGroupWithPolicies(ctx, "group-with-policies", &iam.GroupWithPoliciesArgs{
            Name:                          pulumi.String("superadmins"),
            GroupUsers:                    pulumi.ToStringArray([]string{"user1", "user2"}),
            AttachIamSelfManagementPolicy: pulumi.BoolPtr(true),
            CustomGroupPolicyArns:         pulumi.ToStringArray([]string{"arn:aws:iam::aws:policy/AdministratorAccess"}),
            CustomGroupPolicies: pulumi.ToStringMapArray([]map[string]string{
                {
                    "name":   "AllowS3Listing",
                    "policy": "{}",
                },
            }),
        })
        if err != nil {
            return err
        }

        ctx.Export("groupWithPolicies", groupWithPolicies)

        return nil
    })
}

Coming soon!

import pulumi
import pulumi_aws_iam as iam

group_with_policies = iam.GroupWithPolicies(
    'group_with_policies',
    name='superadmins',
    group_users=['user1','user2'],
    attach_iam_self_management_policy=True,
    custom_group_policy_arns=['arn:aws:iam::aws:policy/AdministratorAccess'],
    custom_group_policies=[{
        'name': 'AllowS3Listing',
        'policy': '{}',
    }],
)

pulumi.export('group_with_policies', group_with_policies)

import * as iam from "@pulumi/aws-iam";

export const groupWithPolicies = new iam.GroupWithPolicies("aws-iam-example-group-with-policies", {
    name: "superadmins",
    groupUsers: [ "user1", "user2" ],
    attachIamSelfManagementPolicy: true,
    customGroupPolicyArns: [ "arn:aws:iam::aws:policy/AdministratorAccess" ],
    customGroupPolicies: [{
        "name": "AllowS3Listing",
        "policy": "{}",
    }],
});

name: awsiam-yaml
runtime: yaml
resources:
    groupWithPolicies:
        type: "aws-iam:index:GroupWithPolicies"
        properties:
            name: "superadmins"
            groupUsers:
                - "user1"
                - "user2"
            attachIamSelfManagementPolicy: true
            customGroupPolicyArns:
                - "arn:aws:iam::aws:policy/AdministratorAccess"
            customGroupPolicies:
                - name: "AllowS3Listing"
                policy: "{}"
            outputs:
                groupWithPolicies: ${groupWithPolicies}

Create GroupWithPolicies Resource

new GroupWithPolicies(name: string, args: GroupWithPoliciesArgs, opts?: CustomResourceOptions);

@overload
def GroupWithPolicies(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      attach_iam_self_management_policy: Optional[bool] = None,
                      aws_account_id: Optional[str] = None,
                      custom_group_policies: Optional[Sequence[Mapping[str, str]]] = None,
                      custom_group_policy_arns: Optional[Sequence[str]] = None,
                      group_users: Optional[Sequence[str]] = None,
                      iam_self_management_policy_name_prefix: Optional[str] = None,
                      name: Optional[str] = None,
                      tags: Optional[Mapping[str, str]] = None)
@overload
def GroupWithPolicies(resource_name: str,
                      args: GroupWithPoliciesArgs,
                      opts: Optional[ResourceOptions] = None)

func NewGroupWithPolicies(ctx *Context, name string, args GroupWithPoliciesArgs, opts ...ResourceOption) (*GroupWithPolicies, error)

public GroupWithPolicies(string name, GroupWithPoliciesArgs args, CustomResourceOptions? opts = null)

public GroupWithPolicies(String name, GroupWithPoliciesArgs args)
public GroupWithPolicies(String name, GroupWithPoliciesArgs args, CustomResourceOptions options)

type: aws-iam:GroupWithPolicies
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GroupWithPoliciesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args GroupWithPoliciesArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GroupWithPoliciesArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GroupWithPoliciesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args GroupWithPoliciesArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

GroupWithPolicies Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The GroupWithPolicies resource accepts the following input properties:

GroupUsers List<string>: List of IAM users to have in an IAM group which can assume the role.
Name string: Name of IAM group.
AttachIamSelfManagementPolicy bool: Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
AwsAccountId string: AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
CustomGroupPolicies List<ImmutableDictionary<string, string>>: List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.
CustomGroupPolicyArns List<string>: List of IAM policies ARNs to attach to IAM group.
IamSelfManagementPolicyNamePrefix string: Name prefix for IAM policy to create with IAM self-management permissions.
Tags Dictionary<string, string>: A map of tags to add.

GroupUsers []string: List of IAM users to have in an IAM group which can assume the role.
Name string: Name of IAM group.
AttachIamSelfManagementPolicy bool: Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
AwsAccountId string: AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
CustomGroupPolicies []map[string]string: List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.
CustomGroupPolicyArns []string: List of IAM policies ARNs to attach to IAM group.
IamSelfManagementPolicyNamePrefix string: Name prefix for IAM policy to create with IAM self-management permissions.
Tags map[string]string: A map of tags to add.

groupUsers List<String>: List of IAM users to have in an IAM group which can assume the role.
name String: Name of IAM group.
attachIamSelfManagementPolicy Boolean: Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
awsAccountId String: AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
customGroupPolicies List<Map<String,String>>: List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.
customGroupPolicyArns List<String>: List of IAM policies ARNs to attach to IAM group.
iamSelfManagementPolicyNamePrefix String: Name prefix for IAM policy to create with IAM self-management permissions.
tags Map<String,String>: A map of tags to add.

groupUsers string[]: List of IAM users to have in an IAM group which can assume the role.
name string: Name of IAM group.
attachIamSelfManagementPolicy boolean: Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
awsAccountId string: AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
customGroupPolicies {[key: string]: string}[]: List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.
customGroupPolicyArns string[]: List of IAM policies ARNs to attach to IAM group.
iamSelfManagementPolicyNamePrefix string: Name prefix for IAM policy to create with IAM self-management permissions.
tags {[key: string]: string}: A map of tags to add.

group_users Sequence[str]: List of IAM users to have in an IAM group which can assume the role.
name str: Name of IAM group.
attach_iam_self_management_policy bool: Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
aws_account_id str: AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
custom_group_policies Sequence[Mapping[str, str]]: List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.
custom_group_policy_arns Sequence[str]: List of IAM policies ARNs to attach to IAM group.
iam_self_management_policy_name_prefix str: Name prefix for IAM policy to create with IAM self-management permissions.
tags Mapping[str, str]: A map of tags to add.

groupUsers List<String>: List of IAM users to have in an IAM group which can assume the role.
name String: Name of IAM group.
attachIamSelfManagementPolicy Boolean: Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
awsAccountId String: AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
customGroupPolicies List<Map<String>>: List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.
customGroupPolicyArns List<String>: List of IAM policies ARNs to attach to IAM group.
iamSelfManagementPolicyNamePrefix String: Name prefix for IAM policy to create with IAM self-management permissions.
tags Map<String>: A map of tags to add.

Outputs

All input properties are implicitly available as output properties. Additionally, the GroupWithPolicies resource produces the following output properties:

GroupArn string: IAM group arn.
GroupName string: IAM group name.

GroupArn string: IAM group arn.
GroupName string: IAM group name.

groupArn String: IAM group arn.
groupName String: IAM group name.

groupArn string: IAM group arn.
groupName string: IAM group name.

group_arn str: IAM group arn.
group_name str: IAM group name.

groupArn String: IAM group arn.
groupName String: IAM group name.

Package Details

Repository: aws-iam
License