public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
});
var firehoseRole = new Aws.Iam.Role("firehoseRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""firehose.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var testStream = new Aws.Kinesis.FirehoseDeliveryStream("testStream", new Aws.Kinesis.FirehoseDeliveryStreamArgs
{
Destination = "s3",
S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs
{
BucketArn = bucket.Arn,
RoleArn = firehoseRole.Arn,
},
});
}
public MyStack()
{
var example = new Aws.Iam.Role("example", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "Statement", new[]
{
new Dictionary <string, object?>
{
{ "Action", "sts:AssumeRole" },
{ "Effect", "Allow" },
{ "Principal", new Dictionary <string, object?>
{
{ "Service", "eks-fargate-pods.amazonaws.com" },
} },
},
} },
{ "Version", "2012-10-17" },
}),
});
var example_AmazonEKSFargatePodExecutionRolePolicy = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSFargatePodExecutionRolePolicy", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
Role = example.Name,
});
}
public MyStack()
{
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
Tags =
{
{ "tag-key", "tag-value" },
},
});
}
public MyStack()
{
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [""sts:AssumeRole""],
""Effect"": ""allow"",
""Principal"": {
""Service"": [""backup.amazonaws.com""]
}
}
]
}
",
});
var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("exampleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
Role = exampleRole.Name,
});
var exampleSelection = new Aws.Backup.Selection("exampleSelection", new Aws.Backup.SelectionArgs
{
IamRoleArn = exampleRole.Arn,
});
}
private iam.Role createRedshiftRole()
{
var redShiftRole = new iam.Role("dend-redshift-role", new iam.RoleArgs
{
Description = "Role Created for Udacity's DEND",
Path = "/service-role/redshift.amazonaws.com/dend/",
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": [
""redshift.amazonaws.com""
]
},
""Action"": ""sts:AssumeRole""
}
]
}",
}, this.CustomResourceOptions);
var redShiftRolePolicyAttachment = new iam.RolePolicyAttachment("redshift-s3-readonly-attachment", new iam.RolePolicyAttachmentArgs
{
Role = redShiftRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
}, this.CustomResourceOptions);
return(redShiftRole);
}
public MyStack()
{
var example = new Aws.Iam.Role("example", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""eks.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSClusterPolicy", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
Role = example.Name,
});
var example_AmazonEKSServicePolicy = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSServicePolicy", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
Role = example.Name,
});
}
public MyStack()
{
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""config.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs
{
RoleArn = role.Arn,
});
}
public MyStack()
{
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
Path = "/",
});
var testProfile = new Aws.Iam.InstanceProfile("testProfile", new Aws.Iam.InstanceProfileArgs
{
Role = role.Name,
});
}
public MyStack()
{
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""appsync.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("exampleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
Role = exampleRole.Name,
});
var exampleGraphQLApi = new Aws.AppSync.GraphQLApi("exampleGraphQLApi", new Aws.AppSync.GraphQLApiArgs
{
LogConfig = new Aws.AppSync.Inputs.GraphQLApiLogConfigArgs
{
CloudwatchLogsRoleArn = exampleRole.Arn,
FieldLogLevel = "ERROR",
},
});
}
public MyStack()
{
var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
{
Acl = "private",
});
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""codebuild.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = Output.Tuple(exampleBucket.Arn, exampleBucket.Arn).Apply(values =>
{
var exampleBucketArn = values.Item1;
var exampleBucketArn1 = values.Item2;
return(@$ "{{
" "Version" ": " "2012-10-17" ",
" "Statement" ": [
public MyStack()
{
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @" {
""Version"": ""2012-10-17"",
""Statement"": {
""Effect"": ""Allow"",
""Principal"": {""Service"": ""ssm.amazonaws.com""},
""Action"": ""sts:AssumeRole""
}
}
",
});
var testAttach = new Aws.Iam.RolePolicyAttachment("testAttach", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
Role = testRole.Name,
});
var foo = new Aws.Ssm.Activation("foo", new Aws.Ssm.ActivationArgs
{
Description = "Test",
IamRole = testRole.Id,
RegistrationLimit = 5,
}, new CustomResourceOptions
{
DependsOn =
{
"aws_iam_role_policy_attachment.test_attach",
},
});
}
public MyStack()
{
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""codedeploy.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var aWSCodeDeployRole = new Aws.Iam.RolePolicyAttachment("aWSCodeDeployRole", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole",
Role = exampleRole.Name,
});
var exampleApplication = new Aws.CodeDeploy.Application("exampleApplication", new Aws.CodeDeploy.ApplicationArgs
{
});
var exampleTopic = new Aws.Sns.Topic("exampleTopic", new Aws.Sns.TopicArgs
{
});
var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup("exampleDeploymentGroup", new Aws.CodeDeploy.DeploymentGroupArgs
{
AlarmConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAlarmConfigurationArgs
{
Alarms =
{
"my-alarm-name",
},
Enabled = true,
},
AppName = exampleApplication.Name,
AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs
{
Enabled = true,
Events =
{
"DEPLOYMENT_FAILURE",
},
},
DeploymentGroupName = "example-group",
Ec2TagSets =
{
new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetArgs
{
Ec2TagFilter =
{
{
{ "key", "filterkey1" },
public MyStack()
{
var dlmLifecycleRole = new Aws.Iam.Role("dlmLifecycleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""dlm.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var dlmLifecycle = new Aws.Iam.RolePolicy("dlmLifecycle", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Action"": [
""ec2:CreateSnapshot"",
""ec2:DeleteSnapshot"",
""ec2:DescribeVolumes"",
""ec2:DescribeSnapshots""
],
""Resource"": ""*""
},
{
""Effect"": ""Allow"",
""Action"": [
""ec2:CreateTags""
],
""Resource"": ""arn:aws:ec2:*::snapshot/*""
}
]
}
",
Role = dlmLifecycleRole.Id,
});
var example = new Aws.Dlm.LifecyclePolicy("example", new Aws.Dlm.LifecyclePolicyArgs
{
Description = "example DLM lifecycle policy",
ExecutionRoleArn = dlmLifecycleRole.Arn,
PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs
{
ResourceTypes =
{
"VOLUME",
},
public MyStack()
{
var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"sts:AssumeRole",
},
Effect = "Allow",
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,
},
Type = "AWS",
},
},
},
},
}));
var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role("aWSCloudFormationStackSetExecutionRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy => aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),
});
var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"cloudformation:*",
"s3:*",
"sns:*",
},
Effect = "Allow",
Resources =
{
"*",
},
},
},
}));
var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument => aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Json),
Role = aWSCloudFormationStackSetExecutionRole.Name,
});
}
public MyStack()
{
var rule = new Aws.Cfg.Rule("rule", new Aws.Cfg.RuleArgs
{
Source = new Aws.Cfg.Inputs.RuleSourceArgs
{
Owner = "AWS",
SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED",
},
}, new CustomResourceOptions
{
DependsOn =
{
"aws_config_configuration_recorder.foo",
},
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""config.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs
{
RoleArn = role.Arn,
});
var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""config:Put*"",
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
Role = role.Id,
});
}
public CreateRoleStack()
{
var config = new Pulumi.Config();
var unprivilegedUsername = config.Require("unprivilegedUsername");
var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs
{
Name = unprivilegedUsername,
});
var unprivilegedUserCreds = new Iam.AccessKey("unprivileged-user-key", new Iam.AccessKeyArgs
{
User = unprivilegedUser.Name,
},
// additional_secret_outputs specify properties that must be encrypted as secrets
// https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
new CustomResourceOptions {
AdditionalSecretOutputs = { "secret" }
});
var tempPolicy = unprivilegedUser.Arn.Apply((string arn) =>
{
AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
return(JsonSerializer.Serialize <AssumeRolePolicyArgs>(policyArgs));
});
var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs
{
Description = "Allow management of S3 buckets",
AssumeRolePolicy = tempPolicy
});
var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs
{
Role = allowS3ManagementRole.Name,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": ""s3:*"",
""Resource"": ""*"",
""Sid"": ""allowS3Access""
}]
}"
},
new CustomResourceOptions {
Parent = allowS3ManagementRole
}
);
this.roleArn = allowS3ManagementRole.Arn;
this.accessKeyId = unprivilegedUserCreds.Id;
this.secretAccessKey = unprivilegedUserCreds.Secret;
}
public MyStack()
{
var fooRecorderStatus = new Aws.Cfg.RecorderStatus("fooRecorderStatus", new Aws.Cfg.RecorderStatusArgs
{
IsEnabled = true,
}, new CustomResourceOptions
{
DependsOn =
{
"aws_config_delivery_channel.foo",
},
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""config.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var rolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("rolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSConfigRole",
Role = role.Name,
});
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
});
var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel("fooDeliveryChannel", new Aws.Cfg.DeliveryChannelArgs
{
S3BucketName = bucket.BucketName,
});
var fooRecorder = new Aws.Cfg.Recorder("fooRecorder", new Aws.Cfg.RecorderArgs
{
RoleArn = role.Arn,
});
var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>
{
var bucketArn = values.Item1;
var bucketArn1 = values.Item2;
return(@$ "{{
" "Version" ": " "2012-10-17" ",
" "Statement" ": [
public MyStack()
{
var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs
{
});
var identity = new Aws.Ses.DomainIdentity("identity", new Aws.Ses.DomainIdentityArgs
{
Domain = "example.com",
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""pinpoint.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var email = new Aws.Pinpoint.EmailChannel("email", new Aws.Pinpoint.EmailChannelArgs
{
ApplicationId = app.ApplicationId,
FromAddress = "*****@*****.**",
Identity = identity.Arn,
RoleArn = role.Arn,
});
var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": {
""Action"": [
""mobileanalytics:PutEvents"",
""mobileanalytics:PutItems""
],
""Effect"": ""Allow"",
""Resource"": [
""*""
]
}
}
",
Role = role.Id,
});
}
public MyStack()
{
var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs
{
});
var testStream = new Aws.Kinesis.Stream("testStream", new Aws.Kinesis.StreamArgs
{
ShardCount = 1,
});
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""pinpoint.us-east-1.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var stream = new Aws.Pinpoint.EventStream("stream", new Aws.Pinpoint.EventStreamArgs
{
ApplicationId = app.ApplicationId,
DestinationStreamArn = testStream.Arn,
RoleArn = testRole.Arn,
});
var testRolePolicy = new Aws.Iam.RolePolicy("testRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": {
""Action"": [
""kinesis:PutRecords"",
""kinesis:DescribeStream""
],
""Effect"": ""Allow"",
""Resource"": [
""arn:aws:kinesis:us-east-1:*:*/*""
]
}
}
",
Role = testRole.Id,
});
}
public MyStack()
{
var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
{
});
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""vpc-flow-logs.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
{
IamRoleArn = exampleRole.Arn,
LogDestination = exampleLogGroup.Arn,
TrafficType = "ALL",
VpcId = aws_vpc.Example.Id,
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:PutLogEvents"",
""logs:DescribeLogGroups"",
""logs:DescribeLogStreams""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
Role = exampleRole.Id,
});
}
public MyStack()
{
var cloudwatchRole = new Aws.Iam.Role("cloudwatchRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""apigateway.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var demo = new Aws.ApiGateway.Account("demo", new Aws.ApiGateway.AccountArgs
{
CloudwatchRoleArn = cloudwatchRole.Arn,
});
var cloudwatchRolePolicy = new Aws.Iam.RolePolicy("cloudwatchRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:DescribeLogGroups"",
""logs:DescribeLogStreams"",
""logs:PutLogEvents"",
""logs:GetLogEvents"",
""logs:FilterLogEvents""
],
""Resource"": ""*""
}
]
}
",
Role = cloudwatchRole.Id,
});
}
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
ForceDestroy = true,
});
var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel("fooDeliveryChannel", new Aws.Cfg.DeliveryChannelArgs
{
S3BucketName = bucket.BucketName,
}, new CustomResourceOptions
{
DependsOn =
{
"aws_config_configuration_recorder.foo",
},
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""config.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var fooRecorder = new Aws.Cfg.Recorder("fooRecorder", new Aws.Cfg.RecorderArgs
{
RoleArn = role.Arn,
});
var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>
{
var bucketArn = values.Item1;
var bucketArn1 = values.Item2;
return(@$ "{{
" "Version" ": " "2012-10-17" ",
" "Statement" ": [
public MyStack()
{
var key = new Aws.Kms.Key("key", new Aws.Kms.KeyArgs
{
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""lambda.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var grant = new Aws.Kms.Grant("grant", new Aws.Kms.GrantArgs
{
Constraints =
{
new Aws.Kms.Inputs.GrantConstraintArgs
{
EncryptionContextEquals =
{
{ "Department", "Finance" },
},
},
},
GranteePrincipal = role.Arn,
KeyId = key.KeyId,
Operations =
{
"Encrypt",
"Decrypt",
"GenerateDataKey",
},
});
}
public MyStack()
{
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @" {
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
{
Description = "A test policy",
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""ec2:Describe*""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
});
var test_attach = new Aws.Iam.RolePolicyAttachment("test-attach", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = policy.Arn,
Role = role.Name,
});
}
public MyStack()
{
var organizationRole = new Aws.Iam.Role("organizationRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""config.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var organizationConfigurationAggregator = new Aws.Cfg.ConfigurationAggregator("organizationConfigurationAggregator", new Aws.Cfg.ConfigurationAggregatorArgs
{
OrganizationAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs
{
AllRegions = true,
RoleArn = organizationRole.Arn,
},
}, new CustomResourceOptions
{
DependsOn =
{
"aws_iam_role_policy_attachment.organization",
},
});
var organizationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("organizationRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
Role = organizationRole.Name,
});
}
public MyStack()
{
var mytopic = new Aws.Sns.Topic("mytopic", new Aws.Sns.TopicArgs
{
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""iot.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var rule = new Aws.Iot.TopicRule("rule", new Aws.Iot.TopicRuleArgs
{
Description = "Example rule",
Enabled = true,
Sns = new Aws.Iot.Inputs.TopicRuleSnsArgs
{
Sns = "RAW",
Sns = role.Arn,
Sns = mytopic.Arn,
},
Sql = "SELECT * FROM 'topic/test'",
SqlVersion = "2016-03-23",
});
var iamPolicyForLambda = new Aws.Iam.RolePolicy("iamPolicyForLambda", new Aws.Iam.RolePolicyArgs
{
Policy = mytopic.Arn.Apply(arn => @$ "{{
" "Version" ": " "2012-10-17" ",
" "Statement" ": [
public MyStack()
{
var mainUserPool = new Aws.Cognito.UserPool("mainUserPool", new Aws.Cognito.UserPoolArgs
{
});
var groupRole = new Aws.Iam.Role("groupRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Federated"": ""cognito-identity.amazonaws.com""
},
""Action"": ""sts:AssumeRoleWithWebIdentity"",
""Condition"": {
""StringEquals"": {
""cognito-identity.amazonaws.com:aud"": ""us-east-1:12345678-dead-beef-cafe-123456790ab""
},
""ForAnyValue:StringLike"": {
""cognito-identity.amazonaws.com:amr"": ""authenticated""
}
}
}
]
}
",
});
var mainUserGroup = new Aws.Cognito.UserGroup("mainUserGroup", new Aws.Cognito.UserGroupArgs
{
Description = "Managed by Pulumi",
Precedence = 42,
RoleArn = groupRole.Arn,
UserPoolId = mainUserPool.Id,
});
}
public MyStack()
{
var model = new Aws.Sagemaker.Model("model", new Aws.Sagemaker.ModelArgs
{
ExecutionRoleArn = aws_iam_role.Foo.Arn,
PrimaryContainer = new Aws.Sagemaker.Inputs.ModelPrimaryContainerArgs
{
Image = "174872318107.dkr.ecr.us-west-2.amazonaws.com/kmeans:1",
},
});
var assumeRole = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"sts:AssumeRole",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"sagemaker.amazonaws.com",
},
Type = "Service",
},
},
},
},
}));
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = assumeRole.Apply(assumeRole => assumeRole.Json),
});
}
public MyStack()
{
var exampleTable = new Aws.DynamoDB.Table("exampleTable", new Aws.DynamoDB.TableArgs
{
Attributes =
{
new Aws.DynamoDB.Inputs.TableAttributeArgs
{
Name = "UserId",
Type = "S",
},
},
HashKey = "UserId",
ReadCapacity = 1,
WriteCapacity = 1,
});
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""appsync.amazonaws.com""
},
""Effect"": ""Allow""
}
]
}
",
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = exampleTable.Arn.Apply(arn => @$ "{{
" "Version" ": " "2012-10-17" ",
" "Statement" ": [
public MyStack()
{
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var testPolicy = new Aws.Iam.RolePolicy("testPolicy", new Aws.Iam.RolePolicyArgs
{
Role = testRole.Id,
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""ec2:Describe*""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
});
}