Example #1
    /// <summary>
    /// Declares an IAM user under the <c>/system/</c> path, an access key for that user, and an
    /// inline user policy, then assigns the key's encrypted secret to this stack's <c>Secret</c> member.
    /// </summary>
    /// <remarks>
    /// <c>PgpKey</c> is set on the access key, and the value kept is the <c>EncryptedSecret</c>
    /// output rather than the plaintext <c>Secret</c> output, so the secret access key is only
    /// recoverable by whoever holds the matching private key. The keybase name in this example is
    /// a placeholder; it has to be replaced with a key the intended recipient controls.
    /// </remarks>
    public MyStack()
    {
        // Inline policy: allows every ec2:Describe* action on all resources (read-only listing
        // calls, but account-wide). The trailing blank lines are part of the literal.
        const string describeOnlyPolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

";

        var userArgs = new Aws.Iam.UserArgs { Path = "/system/" };
        var systemUser = new Aws.Iam.User("lbUser", userArgs);

        // The access key is tied to the user above; PgpKey asks the provider to hand back the
        // secret encrypted to that public key.
        var keyArgs = new Aws.Iam.AccessKeyArgs
        {
            User = systemUser.Name,
            PgpKey = "keybase:some_person_that_exists",
        };
        var accessKey = new Aws.Iam.AccessKey("lbAccessKey", keyArgs);

        var policyArgs = new Aws.Iam.UserPolicyArgs
        {
            User = systemUser.Name,
            Policy = describeOnlyPolicy,
        };
        var describePolicy = new Aws.Iam.UserPolicy("lbRo", policyArgs);

        // Only the encrypted form of the secret is kept on the stack.
        Secret = accessKey.EncryptedSecret;
    }
Example #2
    /// <summary>
    /// Declares an IAM user under the <c>/system/</c> path, an inline user policy for it, and an
    /// access key for the same user. Nothing is assigned to the stack from this constructor.
    /// </summary>
    /// <remarks>
    /// No <c>PgpKey</c> is supplied for the access key here, so the provider is expected to return
    /// the secret access key in plaintext on the key's <c>Secret</c> output and to record it in the
    /// stack state. NOTE(review): confirm that the provider version in use marks that output as a
    /// secret, and restrict access to the state backend accordingly.
    /// </remarks>
    public MyStack()
    {
        // Inline policy: allows every ec2:Describe* action on all resources.
        // The trailing blank lines are part of the literal.
        const string describeOnlyPolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

";

        var userArgs = new Aws.Iam.UserArgs { Path = "/system/" };
        var systemUser = new Aws.Iam.User("lbUser", userArgs);

        var policyArgs = new Aws.Iam.UserPolicyArgs
        {
            User = systemUser.Name,
            Policy = describeOnlyPolicy,
        };
        var describePolicy = new Aws.Iam.UserPolicy("lbRo", policyArgs);

        // Long-lived credential for the user; see the remarks about where its secret ends up.
        var keyArgs = new Aws.Iam.AccessKeyArgs { User = systemUser.Name };
        var accessKey = new Aws.Iam.AccessKey("lbAccessKey", keyArgs);
    }
Example #3
    /// <summary>
    /// Declares an IAM user named by the required <c>unprivilegedUsername</c> config value, an access
    /// key for that user, and a role with an inline S3 policy, then stores the role ARN, the access
    /// key id and the secret access key on this stack.
    /// </summary>
    /// <remarks>
    /// The role's trust policy is the JSON serialization of <c>AssumeRolePolicyArgs</c> built from
    /// the user's ARN; that type is declared elsewhere, so presumably it names the user as the
    /// principal allowed to assume the role. Confirm against its definition.
    /// The inline role policy allows <c>s3:*</c> on <c>*</c>, which covers every S3 action on every
    /// bucket the account can reach. Where the use case allows, narrow <c>Resource</c> to specific
    /// bucket ARNs.
    /// The secret access key is stored on the stack in addition to being listed in
    /// <c>AdditionalSecretOutputs</c>; treat stack outputs and state as credential material.
    /// </remarks>
    public CreateRoleStack()
    {
        // Inline role policy document, reproduced exactly as written (leading whitespace included).
        const string s3PolicyDocument =
                @"{
                ""Version"": ""2012-10-17"",
                ""Statement"": [{
                    ""Effect"": ""Allow"",
                    ""Action"": ""s3:*"",
                    ""Resource"": ""*"",
                    ""Sid"": ""allowS3Access""
                }]
            }";

        // Require() fails when the config key is not set.
        var stackConfig = new Pulumi.Config();
        var configuredUserName = stackConfig.Require("unprivilegedUsername");

        var userArgs = new Iam.UserArgs { Name = configuredUserName };
        var lowPrivilegeUser = new Iam.User("unprivilegedUser", userArgs);

        var keyArgs = new Iam.AccessKeyArgs { User = lowPrivilegeUser.Name };
        // additional_secret_outputs specify properties that must be encrypted as secrets
        // https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
        var keyOptions = new CustomResourceOptions
        {
            AdditionalSecretOutputs = { "secret" }
        };
        var lowPrivilegeKey = new Iam.AccessKey("unprivileged-user-key", keyArgs, keyOptions);

        // The trust policy can only be rendered once the user's ARN is known, hence Apply.
        var trustPolicyJson = lowPrivilegeUser.Arn.Apply(
            arn => JsonSerializer.Serialize<AssumeRolePolicyArgs>(new AssumeRolePolicyArgs(arn)));

        var roleArgs = new Iam.RoleArgs
        {
            AssumeRolePolicy = trustPolicyJson,
            Description = "Allow management of S3 buckets",
        };
        var s3ManagementRole = new Iam.Role("allow-s3-management", roleArgs);

        var rolePolicyArgs = new Iam.RolePolicyArgs
        {
            Role = s3ManagementRole.Name,
            Policy = s3PolicyDocument,
        };
        // The policy is parented to the role it is attached to.
        var rolePolicyOptions = new CustomResourceOptions { Parent = s3ManagementRole };
        var s3RolePolicy = new Iam.RolePolicy("allow-s3-management-policy", rolePolicyArgs, rolePolicyOptions);

        roleArn = s3ManagementRole.Arn;
        accessKeyId = lowPrivilegeKey.Id;
        secretAccessKey = lowPrivilegeKey.Secret;
    }