title | cloud | service | description | library | brand | og | ||||
---|---|---|---|---|---|---|---|---|---|---|
How to create an AWS Identity and Access Management (IAM) service with Pulumi |
AWS |
IAM |
enables you to manage access to AWS services and resources securely |
@pulumi/aws |
aws |
|
This reference shows how to use Pulumi to define an AWS IAM resource in code, which can then be deployed to AWS and managed as infrastructure as code.

AWS IAM enables you to manage access to AWS services and resources securely. Find out more at AWS here.
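The @pulumi/aws library enables fine-grained control over the AWS IAM resource, meaning it can be coded, deployed, and managed entirely in code. The example below creates a role that the EC2 service can assume, an inline and a managed policy that each allow `ec2:Describe*`, and attachments of the managed policy to the role, a user and a group.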
const aws = require("@pulumi/aws");
// Trust policy: decides who may call sts:AssumeRole on this role. The single
// statement trusts only the EC2 service principal, so nothing else is allowed
// to assume the role through this document.
const ec2TrustPolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Action: "sts:AssumeRole",
      Principal: { Service: "ec2.amazonaws.com" },
      Effect: "Allow",
      Sid: "",
    },
  ],
};

// The role carries no permissions of its own; they come from the inline
// policy and the managed-policy attachment defined further down.
const role = new aws.iam.Role("myrole", {
  assumeRolePolicy: JSON.stringify(ec2TrustPolicy),
});
// Inline policy: embedded in the role rather than created as a standalone,
// reusable policy. It allows every EC2 Describe* action on all resources.
// NOTE(review): ec2:Describe* is read-only but broad; list only the Describe
// actions the workload needs if least privilege matters for this role.
const inlineDescribePolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Action: ["ec2:Describe*"],
      Effect: "Allow",
      Resource: "*",
    },
  ],
};

const rolePolicy = new aws.iam.RolePolicy("myrolepolicy", {
  role: role.id,
  policy: JSON.stringify(inlineDescribePolicy),
});
// Customer-managed policy: a standalone policy that can be attached to several
// principals. It grants the same ec2:Describe* permission as the inline role
// policy above, so a role that has both receives the permission twice.
const managedDescribePolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Action: ["ec2:Describe*"],
      Effect: "Allow",
      Resource: "*",
    },
  ],
};

const policy = new aws.iam.Policy("mypolicy", {
  policy: JSON.stringify(managedDescribePolicy),
});
// Attach the managed policy to the role. RolePolicyAttachment manages only
// this one role-to-policy link and leaves other attachments of the policy alone.
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment(
  "myrolepolicyattachment",
  {
    policyArn: policy.arn,
    role,
  },
);
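// An IAM user and group that receive the managed policy below. Neither is
// given credentials or members here.
const user = new aws.iam.User("myuser");
const group = new aws.iam.Group("mygroup");

// Attach the managed policy with the per-principal attachment resources.
// aws.iam.PolicyAttachment is deliberately not used: it is documented as an
// *exclusive* attachment, meaning one PolicyAttachment must declare every
// user, group and role the policy is attached to, and any attachment made
// elsewhere is revoked. It is also documented to conflict with
// RolePolicyAttachment / UserPolicyAttachment / GroupPolicyAttachment on the
// same policy, and the role is already attached through the
// RolePolicyAttachment above.
const userPolicyAttachment = new aws.iam.UserPolicyAttachment("myuserpolicyattachment", {
  user: user.name,
  policyArn: policy.arn,
});

const groupPolicyAttachment = new aws.iam.GroupPolicyAttachment("mygrouppolicyattachment", {
  group: group.name,
  policyArn: policy.arn,
});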