---
title: "Creating an AWS IAM Service with Pulumi"
meta_desc: "Learn how to use Pulumi to define an AWS IAM resource which can then be deployed to AWS and managed as infrastructure as code."
meta_image: "/images/docs/service/aws-iam.png"
service: "IAM"
description: "enables you to manage access to AWS services and resources securely"
aws_here: "https://aws.amazon.com/iam/"
menu:
  aws:
    name: IAM
    identifier: iam-aws-guides
    parent: aws-guides
aliases:
- /docs/aws/iam/
---

## Create an AWS IAM resource using `@pulumi/aws`

The `@pulumi/aws` library enables fine-grained control over the AWS IAM resource meaning it can be coded, deployed, and managed entirely in code.

```javascript
const aws = require("@pulumi/aws");

const role = new aws.iam.Role("myrole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com"
            },
            Effect: "Allow",
            Sid: ""
        }]
    })
});

const rolePolicy = new aws.iam.RolePolicy("myrolepolicy", {
    role: role,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [ "ec2:Describe*" ],
            Effect: "Allow",
            Resource: "*"
        }]
    })
});

const policy = new aws.iam.Policy("mypolicy", {
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
              "ec2:Describe*"
            ],
            Effect: "Allow",
            Resource: "*"
        }]
    })
});

const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("myrolepolicyattachment", {
    role: role,
    policyArn: policy.arn
});

const user = new aws.iam.User("myuser");

const group = new aws.iam.Group("mygroup");

const policyAttachment = new aws.iam.PolicyAttachment("mypolicyattachment", {
    users: [user],
    groups: [group],
    roles: [role],
    policyArn: policy.arn
});
```