/// <summary>
/// Declares an IAM user under the <c>/system/</c> path, an access key for that user
/// and an inline user policy that allows <c>ec2:Describe*</c> on every resource.
/// </summary>
/// <remarks>
/// The access key is requested with a PGP key, and only the key's
/// <c>EncryptedSecret</c> is assigned to <c>Secret</c> on this stack.
/// </remarks>
public MyStack()
{
    // Inline policy document: describe-only EC2 actions, any resource.
    const string describeOnlyPolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": [ ""ec2:Describe*"" ], ""Effect"": ""Allow"", ""Resource"": ""*"" } ] } ";

    var user = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
    {
        Path = "/system/",
    });

    // PgpKey selects the public key the secret is encrypted to, so the value this
    // stack exposes is ciphertext that only the holder of the matching private key
    // can read. NOTE(review): the keybase name looks like a documentation
    // placeholder; confirm it is replaced with a key the intended recipient controls.
    var accessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
    {
        PgpKey = "keybase:some_person_that_exists",
        User = user.Name,
    });

    // The policy is attached by user name, which also orders it after the user.
    var readOnlyPolicy = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
    {
        Policy = describeOnlyPolicy,
        User = user.Name,
    });

    // Only the PGP-encrypted form of the secret is surfaced by this constructor.
    this.Secret = accessKey.EncryptedSecret;
}
/// <summary>
/// Declares an IAM user under the <c>/system/</c> path, an inline user policy that
/// allows <c>ec2:Describe*</c> on every resource, and an access key for the user.
/// </summary>
/// <remarks>
/// Nothing is assigned to a stack member here; the three resources are only declared.
/// </remarks>
public MyStack()
{
    // Inline policy document: describe-only EC2 actions, any resource.
    const string describeOnlyPolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": [ ""ec2:Describe*"" ], ""Effect"": ""Allow"", ""Resource"": ""*"" } ] } ";

    var user = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
    {
        Path = "/system/",
    });

    var readOnlyPolicy = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
    {
        Policy = describeOnlyPolicy,
        User = user.Name,
    });

    // NOTE(review): no PgpKey is supplied, so the provider presumably returns the
    // secret access key unencrypted and it is recorded in the stack state. Confirm
    // the state backend is encrypted and access-restricted, or supply a PgpKey.
    var accessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
    {
        User = user.Name,
    });
}
/// <summary>
/// Declares an IAM user named by the <c>unprivilegedUsername</c> config value, an
/// access key for that user, and a role with an inline policy allowing <c>s3:*</c>
/// on every resource. The role's assume-role policy is built from the user's ARN.
/// </summary>
/// <remarks>
/// The role ARN, the access key id and the secret access key are assigned to
/// members of this stack class, which are declared outside this constructor.
/// </remarks>
public CreateRoleStack()
{
    // Inline role policy: every S3 action on every resource.
    // NOTE(review): this is broad; if the role only has to manage specific
    // buckets, confirm whether Resource can be narrowed to them.
    const string s3ManagementPolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [{ ""Effect"": ""Allow"", ""Action"": ""s3:*"", ""Resource"": ""*"", ""Sid"": ""allowS3Access"" }] }";

    // Require() fails the deployment when the config key is missing.
    var settings = new Pulumi.Config();
    var userName = settings.Require("unprivilegedUsername");

    var user = new Iam.User("unprivilegedUser", new Iam.UserArgs
    {
        Name = userName,
    });

    var userKey = new Iam.AccessKey(
        "unprivileged-user-key",
        new Iam.AccessKeyArgs
        {
            User = user.Name,
        },
        // AdditionalSecretOutputs lists the output properties that must be stored
        // encrypted as secrets; here that is the key's "secret" property.
        // https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
        new CustomResourceOptions { AdditionalSecretOutputs = { "secret" } });

    // The ARN is only known after the user exists, so the policy JSON is produced
    // inside Apply. AssumeRolePolicyArgs is declared elsewhere; presumably it models
    // a policy document naming this ARN as the principal (confirm).
    var assumeRolePolicyJson = user.Arn.Apply(
        (string arn) => JsonSerializer.Serialize<AssumeRolePolicyArgs>(new AssumeRolePolicyArgs(arn)));

    var s3Role = new Iam.Role("allow-s3-management", new Iam.RoleArgs
    {
        Description = "Allow management of S3 buckets",
        AssumeRolePolicy = assumeRolePolicyJson
    });

    // Parent = s3Role makes the policy a child of the role in the resource tree.
    var s3RolePolicy = new Iam.RolePolicy(
        "allow-s3-management-policy",
        new Iam.RolePolicyArgs
        {
            Role = s3Role.Name,
            Policy = s3ManagementPolicy
        },
        new CustomResourceOptions { Parent = s3Role });

    this.roleArn = s3Role.Arn;
    this.accessKeyId = userKey.Id;
    // This is the property named in AdditionalSecretOutputs above.
    this.secretAccessKey = userKey.Secret;
}