public MyStack() { var user = new Aws.Iam.User("user", new Aws.Iam.UserArgs { }); var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs { Description = "A test policy", Policy = "", }); // insert policy here var test_attach = new Aws.Iam.UserPolicyAttachment("test-attach", new Aws.Iam.UserPolicyAttachmentArgs { PolicyArn = policy.Arn, User = user.Name, }); }
public MyStack() { var @group = new Aws.Iam.Group("group", new Aws.Iam.GroupArgs { }); var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs { Description = "A test policy", Policy = "", }); // insert policy here var test_attach = new Aws.Iam.GroupPolicyAttachment("test-attach", new Aws.Iam.GroupPolicyAttachmentArgs { Group = @group.Name, PolicyArn = policy.Arn, }); }
public MyStack() { var testLambda = new Aws.Lambda.Function("testLambda", new Aws.Lambda.FunctionArgs { }, new CustomResourceOptions { DependsOn = { "aws_cloudwatch_log_group.example", "aws_iam_role_policy_attachment.lambda_logs", }, }); // This is to optionally manage the CloudWatch Log Group for the Lambda Function. // If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below. var example = new Aws.CloudWatch.LogGroup("example", new Aws.CloudWatch.LogGroupArgs { RetentionInDays = 14, }); // See also the following AWS managed policy: AWSLambdaBasicExecutionRole var lambdaLogging = new Aws.Iam.Policy("lambdaLogging", new Aws.Iam.PolicyArgs { Description = "IAM policy for logging from a lambda", Path = "/", Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": [ ""logs:CreateLogGroup"", ""logs:CreateLogStream"", ""logs:PutLogEvents"" ], ""Resource"": ""arn:aws:logs:*:*:*"", ""Effect"": ""Allow"" } ] } ", }); var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new Aws.Iam.RolePolicyAttachmentArgs { PolicyArn = lambdaLogging.Arn, Role = aws_iam_role.Iam_for_lambda.Name, }); }
public MyStack() { var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs { AssumeRolePolicy = @" { ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Principal"": { ""Service"": ""ec2.amazonaws.com"" }, ""Effect"": ""Allow"", ""Sid"": """" } ] } ", }); var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs { Description = "A test policy", Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": [ ""ec2:Describe*"" ], ""Effect"": ""Allow"", ""Resource"": ""*"" } ] } ", }); var test_attach = new Aws.Iam.RolePolicyAttachment("test-attach", new Aws.Iam.RolePolicyAttachmentArgs { PolicyArn = policy.Arn, Role = role.Name, }); }
public MyStack() { var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs { Description = "My test policy", Path = "/", Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": [ ""ec2:Describe*"" ], ""Effect"": ""Allow"", ""Resource"": ""*"" } ] } ", }); }