public MyStack()
{
var lbUser = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
{
Path = "/system/",
});
var lbAccessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
{
PgpKey = "keybase:some_person_that_exists",
User = lbUser.Name,
});
var lbRo = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""ec2:Describe*""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
User = lbUser.Name,
});
this.Secret = lbAccessKey.EncryptedSecret;
}
public MyStack()
{
var lbUser = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
{
Path = "/system/",
});
var lbRo = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""ec2:Describe*""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
User = lbUser.Name,
});
var lbAccessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
{
User = lbUser.Name,
});
}
public MyStack()
{
var user1 = new Aws.Iam.User("user1", new Aws.Iam.UserArgs
{
});
var group1 = new Aws.Iam.Group("group1", new Aws.Iam.GroupArgs
{
});
var group2 = new Aws.Iam.Group("group2", new Aws.Iam.GroupArgs
{
});
var example1 = new Aws.Iam.UserGroupMembership("example1", new Aws.Iam.UserGroupMembershipArgs
{
Groups =
{
group1.Name,
group2.Name,
},
User = user1.Name,
});
var group3 = new Aws.Iam.Group("group3", new Aws.Iam.GroupArgs
{
});
var example2 = new Aws.Iam.UserGroupMembership("example2", new Aws.Iam.UserGroupMembershipArgs
{
Groups =
{
group3.Name,
},
User = user1.Name,
});
}
public CreateRoleStack()
{
var config = new Pulumi.Config();
var unprivilegedUsername = config.Require("unprivilegedUsername");
var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs
{
Name = unprivilegedUsername,
});
var unprivilegedUserCreds = new Iam.AccessKey("unprivileged-user-key", new Iam.AccessKeyArgs
{
User = unprivilegedUser.Name,
},
// additional_secret_outputs specify properties that must be encrypted as secrets
// https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
new CustomResourceOptions {
AdditionalSecretOutputs = { "secret" }
});
var tempPolicy = unprivilegedUser.Arn.Apply((string arn) =>
{
AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
return(JsonSerializer.Serialize <AssumeRolePolicyArgs>(policyArgs));
});
var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs
{
Description = "Allow management of S3 buckets",
AssumeRolePolicy = tempPolicy
});
var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs
{
Role = allowS3ManagementRole.Name,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": ""s3:*"",
""Resource"": ""*"",
""Sid"": ""allowS3Access""
}]
}"
},
new CustomResourceOptions {
Parent = allowS3ManagementRole
}
);
this.roleArn = allowS3ManagementRole.Arn;
this.accessKeyId = unprivilegedUserCreds.Id;
this.secretAccessKey = unprivilegedUserCreds.Secret;
}
public MyStack()
{
var userUser = new Aws.Iam.User("userUser", new Aws.Iam.UserArgs
{
Path = "/",
});
var userSshKey = new Aws.Iam.SshKey("userSshKey", new Aws.Iam.SshKeyArgs
{
Encoding = "SSH",
PublicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 [email protected]",
Username = userUser.Name,
});
}
public MyStack()
{
var exampleUser = new Aws.Iam.User("exampleUser", new Aws.Iam.UserArgs
{
ForceDestroy = true,
Path = "/",
});
var exampleUserLoginProfile = new Aws.Iam.UserLoginProfile("exampleUserLoginProfile", new Aws.Iam.UserLoginProfileArgs
{
PgpKey = "keybase:some_person_that_exists",
User = exampleUser.Name,
});
this.Password = exampleUserLoginProfile.EncryptedPassword;
}
public MyStack()
{
var user = new Aws.Iam.User("user", new Aws.Iam.UserArgs
{
});
var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
{
Description = "A test policy",
Policy = "",
});
// insert policy here
var test_attach = new Aws.Iam.UserPolicyAttachment("test-attach", new Aws.Iam.UserPolicyAttachmentArgs
{
PolicyArn = policy.Arn,
User = user.Name,
});
}
public MyStack()
{
var @group = new Aws.Iam.Group("group", new Aws.Iam.GroupArgs
{
});
var userOne = new Aws.Iam.User("userOne", new Aws.Iam.UserArgs
{
});
var userTwo = new Aws.Iam.User("userTwo", new Aws.Iam.UserArgs
{
});
var team = new Aws.Iam.GroupMembership("team", new Aws.Iam.GroupMembershipArgs
{
Group = @group.Name,
Users =
{
userOne.Name,
userTwo.Name,
},
});
}
public MyStack()
{
var user = new Aws.Iam.User("user", new Aws.Iam.UserArgs
{
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var @group = new Aws.Iam.Group("group", new Aws.Iam.GroupArgs
{
});
var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
{
Description = "A test policy",
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""ec2:Describe*""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
});
var test_attach = new Aws.Iam.PolicyAttachment("test-attach", new Aws.Iam.PolicyAttachmentArgs
{
Groups =
{
@group.Name,
},
PolicyArn = policy.Arn,
Roles =
{
role.Name,
},
Users =
{
user.Name,
},
});
}
