title: "Introducing the Community AWS IAM Package"
# The date represents the post's publish date, and by default corresponds with
# the date this file was generated. Posts with future dates are visible in development,
# but excluded from production builds. Use the time and timezone-offset portions of
# of this value to schedule posts for publishing later.
date: 2022-10-05T09:24:26-07:00
# Use the meta_desc property to provide a brief summary (one or two sentences)
# of the content of the post, which is useful for targeting search results or social-media
# previews. This field is required or the build will fail the linter test.
# Max length is 160 characters.
meta_desc: The Community AWS IAM Package helps users from all backgrounds quickly create IAM Roles, Policies, and Users.
# The meta_image appears in social-media previews and on the blog home page.
# A placeholder image representing the recommended format, dimensions and aspect
# ratio has been provided for you.
meta_image: meta.png
# At least one author is required. The values in this list correspond with the `id`
# properties of the team member files at /data/team/team. Create a file for yourself
# if you don't already have one.
authors:
- zack-chase
# At least one tag is required. Lowercase, hyphen-delimited is recommended.
tags:
- aws
- iam
# See the blogging docs at https://github.com/pulumi/pulumi-hugo/blob/master/BLOGGING.md.
# for additional details, and please remove these comments before submitting for review.
---
Building on top of the cloud can be frustrating at times. You will likely run into resources that complicated to create, others that are very tedious to create, and worst of all resources that are complicated and tedious to create. As cloud engineers ourselves, we feel the same pain as our users and strive to build abstractions that make cloud engineering a more productive and pleasant experience.
Recently we released our [Community AWS IAM Package](/registry/packages/aws-iam/) to help deliver on the promise of making the cloud easier to use for every operator, engineer, and user. This package is based on the Terraform AWS IAM Module, so it allows our users to take advantage of battle-tested abstractions. The package also helps transitioning Terraform users by maintaining similar resource names and inputs so they can focus on taking advantage of features of their programming language of choice (TypeScript, JavaScript, Python, Go, .NET, and YAML).
In the following sections, we will show a few examples of common use cases when using the Community AWS IAM Package.
### Assumable Role with SAML
The example code below shows how you can create an Assumable Role with SAML, which will create a single IAM role which can be assumed by users with a SAML Identity Provider.
{{% chooser language "typescript,python,go,csharp,yaml" / %}}
{{% choosable language typescript %}}
```typescript
export const assumableRoleWithSaml = new iam.AssumableRoleWithSAML("aws-iam-example-assumable-role-with-saml", {
The example code below shows how you can create an EKS Assumable Role, which will create an IAM Role that can be assumed by multiple EKS Service Accounts.
{{% chooser language "typescript,python,go,csharp,yaml" / %}}
{{% choosable language typescript %}}
```typescript
export const eksRole = new iam.EKSRole("aws-iam-example-eks-role", {
The example code below shows how you can create an IAM Role for an EKS Service Account, which will create an IAM Role with various Policies attached that can be assumed by multiple EKS Service Accounts.
{{% chooser language "typescript,python,go,csharp,yaml" / %}}
{{% choosable language typescript %}}
```typescript
export const roleForServiceAccountsEks = new iam.RoleForServiceAccountsEks("aws-iam-example-role-for-service-accounts-eks", {
- Read the [AWS IAM documentation](/registry/packages/aws-iam/) to learn more about the package, how to [install and configure](/registry/packages/aws-iam/installation-configuration/) it and use its APIs.
