aws-iam logo
AWS IAM v0.0.3, Jun 1 22

aws-iam.GroupWithPolicies

This resources allows you to create an IAM group with specified IAM policies, and then add specified users into your created group.

Example Usage

using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        var groupWithPolicies = new GroupWithPolicies("group-with-policies", new GroupWithPoliciesArgs
        {
            Name = "superadmins",
            GroupUsers = {"user1", "user2"},
            AttachIamSelfManagementPolicy = true,
            CustomGroupPolicyArns = {"arn:aws:iam::aws:policy/AdministratorAccess"},
            CustomGroupPolicies = new InputList<ImmutableDictionary<string, string>>
            {
                ImmutableDictionary.Create<string, string>()
                    .Add("name", "AllowS3Listing")
                    .Add("policy", "{}"),
            },
        });

        this.GroupWithPolicies = Output.Create<GroupWithPolicies>(groupWithPolicies);
    }

    [Output]
    public Output<GroupWithPolicies> GroupWithPolicies { get; set; }
}
package main

import (
    iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        groupWithPolicies, err := iam.NewGroupWithPolicies(ctx, "group-with-policies", &iam.GroupWithPoliciesArgs{
            Name:                          pulumi.String("superadmins"),
            GroupUsers:                    pulumi.ToStringArray([]string{"user1", "user2"}),
            AttachIamSelfManagementPolicy: pulumi.BoolPtr(true),
            CustomGroupPolicyArns:         pulumi.ToStringArray([]string{"arn:aws:iam::aws:policy/AdministratorAccess"}),
            CustomGroupPolicies: pulumi.ToStringMapArray([]map[string]string{
                {
                    "name":   "AllowS3Listing",
                    "policy": "{}",
                },
            }),
        })
        if err != nil {
            return err
        }

        ctx.Export("groupWithPolicies", groupWithPolicies)

        return nil
    })
}

Coming soon!

import pulumi
import pulumi_aws_iam as iam

group_with_policies = iam.GroupWithPolicies(
    'group_with_policies',
    name='superadmins',
    group_users=['user1','user2'],
    attach_iam_self_management_policy=True,
    custom_group_policy_arns=['arn:aws:iam::aws:policy/AdministratorAccess'],
    custom_group_policies=[{
        'name': 'AllowS3Listing',
        'policy': '{}',
    }],
)

pulumi.export('group_with_policies', group_with_policies)
import * as iam from "@pulumi/aws-iam";

export const groupWithPolicies = new iam.GroupWithPolicies("aws-iam-example-group-with-policies", {
    name: "superadmins",
    groupUsers: [ "user1", "user2" ],
    attachIamSelfManagementPolicy: true,
    customGroupPolicyArns: [ "arn:aws:iam::aws:policy/AdministratorAccess" ],
    customGroupPolicies: [{
        "name": "AllowS3Listing",
        "policy": "{}",
    }],
});
name: awsiam-yaml
runtime: yaml
resources:
    groupWithPolicies:
        type: "aws-iam:index:GroupWithPolicies"
        properties:
            name: "superadmins"
            groupUsers:
                - "user1"
                - "user2"
            attachIamSelfManagementPolicy: true
            customGroupPolicyArns:
                - "arn:aws:iam::aws:policy/AdministratorAccess"
            customGroupPolicies:
                - name: "AllowS3Listing"
                policy: "{}"
            outputs:
                groupWithPolicies: ${groupWithPolicies}

Create GroupWithPolicies Resource

new GroupWithPolicies(name: string, args: GroupWithPoliciesArgs, opts?: CustomResourceOptions);
@overload
def GroupWithPolicies(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      attach_iam_self_management_policy: Optional[bool] = None,
                      aws_account_id: Optional[str] = None,
                      custom_group_policies: Optional[Sequence[Mapping[str, str]]] = None,
                      custom_group_policy_arns: Optional[Sequence[str]] = None,
                      group_users: Optional[Sequence[str]] = None,
                      iam_self_management_policy_name_prefix: Optional[str] = None,
                      name: Optional[str] = None,
                      tags: Optional[Mapping[str, str]] = None)
@overload
def GroupWithPolicies(resource_name: str,
                      args: GroupWithPoliciesArgs,
                      opts: Optional[ResourceOptions] = None)
func NewGroupWithPolicies(ctx *Context, name string, args GroupWithPoliciesArgs, opts ...ResourceOption) (*GroupWithPolicies, error)
public GroupWithPolicies(string name, GroupWithPoliciesArgs args, CustomResourceOptions? opts = null)
public GroupWithPolicies(String name, GroupWithPoliciesArgs args)
public GroupWithPolicies(String name, GroupWithPoliciesArgs args, CustomResourceOptions options)
type: aws-iam:GroupWithPolicies
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args GroupWithPoliciesArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args GroupWithPoliciesArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args GroupWithPoliciesArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args GroupWithPoliciesArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args GroupWithPoliciesArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

GroupWithPolicies Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The GroupWithPolicies resource accepts the following input properties:

GroupUsers List<string>

List of IAM users to have in an IAM group which can assume the role.

Name string

Name of IAM group.

AttachIamSelfManagementPolicy bool

Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.

AwsAccountId string

AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.

CustomGroupPolicies List<ImmutableDictionary<string, string>>

List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.

CustomGroupPolicyArns List<string>

List of IAM policies ARNs to attach to IAM group.

IamSelfManagementPolicyNamePrefix string

Name prefix for IAM policy to create with IAM self-management permissions.

Tags Dictionary<string, string>

A map of tags to add.

GroupUsers []string

List of IAM users to have in an IAM group which can assume the role.

Name string

Name of IAM group.

AttachIamSelfManagementPolicy bool

Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.

AwsAccountId string

AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.

CustomGroupPolicies []map[string]string

List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.

CustomGroupPolicyArns []string

List of IAM policies ARNs to attach to IAM group.

IamSelfManagementPolicyNamePrefix string

Name prefix for IAM policy to create with IAM self-management permissions.

Tags map[string]string

A map of tags to add.

groupUsers List<String>

List of IAM users to have in an IAM group which can assume the role.

name String

Name of IAM group.

attachIamSelfManagementPolicy Boolean

Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.

awsAccountId String

AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.

customGroupPolicies List<Map<String,String>>

List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.

customGroupPolicyArns List<String>

List of IAM policies ARNs to attach to IAM group.

iamSelfManagementPolicyNamePrefix String

Name prefix for IAM policy to create with IAM self-management permissions.

tags Map<String,String>

A map of tags to add.

groupUsers string[]

List of IAM users to have in an IAM group which can assume the role.

name string

Name of IAM group.

attachIamSelfManagementPolicy boolean

Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.

awsAccountId string

AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.

customGroupPolicies {[key: string]: string}[]

List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.

customGroupPolicyArns string[]

List of IAM policies ARNs to attach to IAM group.

iamSelfManagementPolicyNamePrefix string

Name prefix for IAM policy to create with IAM self-management permissions.

tags {[key: string]: string}

A map of tags to add.

group_users Sequence[str]

List of IAM users to have in an IAM group which can assume the role.

name str

Name of IAM group.

attach_iam_self_management_policy bool

Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.

aws_account_id str

AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.

custom_group_policies Sequence[Mapping[str, str]]

List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.

custom_group_policy_arns Sequence[str]

List of IAM policies ARNs to attach to IAM group.

iam_self_management_policy_name_prefix str

Name prefix for IAM policy to create with IAM self-management permissions.

tags Mapping[str, str]

A map of tags to add.

groupUsers List<String>

List of IAM users to have in an IAM group which can assume the role.

name String

Name of IAM group.

attachIamSelfManagementPolicy Boolean

Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.

awsAccountId String

AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.

customGroupPolicies List<Map<String>>

List of maps of inline IAM policies to attach to IAM group. Should have name and policy keys in each element.

customGroupPolicyArns List<String>

List of IAM policies ARNs to attach to IAM group.

iamSelfManagementPolicyNamePrefix String

Name prefix for IAM policy to create with IAM self-management permissions.

tags Map<String>

A map of tags to add.

Outputs

All input properties are implicitly available as output properties. Additionally, the GroupWithPolicies resource produces the following output properties:

GroupArn string

IAM group arn.

GroupName string

IAM group name.

GroupArn string

IAM group arn.

GroupName string

IAM group name.

groupArn String

IAM group arn.

groupName String

IAM group name.

groupArn string

IAM group arn.

groupName string

IAM group name.

group_arn str

IAM group arn.

group_name str

IAM group name.

groupArn String

IAM group arn.

groupName String

IAM group name.

Package Details

Repository
aws-iam
License