title, meta_desc, meta_image, service, description, aws_here, menu, aliases
title meta_desc meta_image service description aws_here menu aliases
Creating an AWS IAM Service with Pulumi Learn how to use Pulumi to define an AWS IAM resource which can then be deployed to AWS and managed as infrastructure as code. /images/docs/service/aws-iam.png IAM enables you to manage access to AWS services and resources securely https://aws.amazon.com/iam/
aws
name identifier parent
IAM iam-aws-guides aws-guides
/docs/aws/iam/

Create an AWS IAM resource using @pulumi/aws

The @pulumi/aws library gives fine-grained control over AWS IAM resources, meaning they can be coded, deployed, and managed entirely as code.

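const aws = require("@pulumi/aws");

// Trust policy for the role: only the EC2 service may call sts:AssumeRole on it,
// i.e. the role is meant to be used from an EC2 instance profile.
const ec2AssumeRolePolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [{
        Action: "sts:AssumeRole",
        Principal: {
            Service: "ec2.amazonaws.com"
        },
        Effect: "Allow",
        Sid: ""
    }]
});

// Permission policy shared by the inline role policy and the managed policy
// below: read-only EC2 Describe* calls. Describe* actions are not resource-scoped,
// so "*" is the narrowest Resource that works for them; any broader Action list
// would need a tighter Resource.
const ec2DescribePolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [{
        Action: ["ec2:Describe*"],
        Effect: "Allow",
        Resource: "*"
    }]
});

const role = new aws.iam.Role("myrole", {
    assumeRolePolicy: ec2AssumeRolePolicy
});

// Inline policy: lives and dies with this role and cannot be reused elsewhere.
const rolePolicy = new aws.iam.RolePolicy("myrolepolicy", {
    role,
    policy: ec2DescribePolicy
});

// The same document as a standalone managed policy, which can be attached to
// several principals and versioned independently of them.
const policy = new aws.iam.Policy("mypolicy", {
    policy: ec2DescribePolicy
});

const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("myrolepolicyattachment", {
    role,
    policyArn: policy.arn
});

const user = new aws.iam.User("myuser");

const group = new aws.iam.Group("mygroup");

// NOTE: aws.iam.PolicyAttachment takes exclusive ownership of every attachment of
// `policy` across the account. `rolePolicyAttachment` above attaches the same
// policy to the same role, so the two resources will contend for that attachment
// on every update; in real code keep only one of them for a given policy.
const policyAttachment = new aws.iam.PolicyAttachment("mypolicyattachment", {
    users: [user],
    groups: [group],
    roles: [role],
    policyArn: policy.arn
});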