Esempio n. 1
0
    public MyStack()
    {
        var lbUser = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
        {
            Path = "/system/",
        });
        var lbAccessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
        {
            PgpKey = "keybase:some_person_that_exists",
            User   = lbUser.Name,
        });
        var lbRo = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

",
            User   = lbUser.Name,
        });

        this.Secret = lbAccessKey.EncryptedSecret;
    }
Esempio n. 2
0
    public MyStack()
    {
        var lbUser = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
        {
            Path = "/system/",
        });
        var lbRo = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

",
            User   = lbUser.Name,
        });
        var lbAccessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
        {
            User = lbUser.Name,
        });
    }
Esempio n. 3
0
 public MyStack()
 {
     var user1 = new Aws.Iam.User("user1", new Aws.Iam.UserArgs
     {
     });
     var group1 = new Aws.Iam.Group("group1", new Aws.Iam.GroupArgs
     {
     });
     var group2 = new Aws.Iam.Group("group2", new Aws.Iam.GroupArgs
     {
     });
     var example1 = new Aws.Iam.UserGroupMembership("example1", new Aws.Iam.UserGroupMembershipArgs
     {
         Groups =
         {
             group1.Name,
             group2.Name,
         },
         User = user1.Name,
     });
     var group3 = new Aws.Iam.Group("group3", new Aws.Iam.GroupArgs
     {
     });
     var example2 = new Aws.Iam.UserGroupMembership("example2", new Aws.Iam.UserGroupMembershipArgs
     {
         Groups =
         {
             group3.Name,
         },
         User = user1.Name,
     });
 }
Esempio n. 4
0
    public CreateRoleStack()
    {
        var config = new Pulumi.Config();
        var unprivilegedUsername = config.Require("unprivilegedUsername");

        var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs
        {
            Name = unprivilegedUsername,
        });

        var unprivilegedUserCreds = new Iam.AccessKey("unprivileged-user-key", new Iam.AccessKeyArgs
        {
            User = unprivilegedUser.Name,
        },
                                                      // additional_secret_outputs specify properties that must be encrypted as secrets
                                                      // https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
                                                      new CustomResourceOptions {
            AdditionalSecretOutputs = { "secret" }
        });

        var tempPolicy = unprivilegedUser.Arn.Apply((string arn) =>
        {
            AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
            return(JsonSerializer.Serialize <AssumeRolePolicyArgs>(policyArgs));
        });

        var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs
        {
            Description      = "Allow management of S3 buckets",
            AssumeRolePolicy = tempPolicy
        });

        var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs
        {
            Role   = allowS3ManagementRole.Name,
            Policy =
                @"{
                ""Version"": ""2012-10-17"",
                ""Statement"": [{
                    ""Effect"": ""Allow"",
                    ""Action"": ""s3:*"",
                    ""Resource"": ""*"",
                    ""Sid"": ""allowS3Access""
                }]
            }"
        },
                                            new CustomResourceOptions {
            Parent = allowS3ManagementRole
        }
                                            );

        this.roleArn         = allowS3ManagementRole.Arn;
        this.accessKeyId     = unprivilegedUserCreds.Id;
        this.secretAccessKey = unprivilegedUserCreds.Secret;
    }
Esempio n. 5
0
 public MyStack()
 {
     var userUser = new Aws.Iam.User("userUser", new Aws.Iam.UserArgs
     {
         Path = "/",
     });
     var userSshKey = new Aws.Iam.SshKey("userSshKey", new Aws.Iam.SshKeyArgs
     {
         Encoding  = "SSH",
         PublicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 [email protected]",
         Username  = userUser.Name,
     });
 }
Esempio n. 6
0
    public MyStack()
    {
        var exampleUser = new Aws.Iam.User("exampleUser", new Aws.Iam.UserArgs
        {
            ForceDestroy = true,
            Path         = "/",
        });
        var exampleUserLoginProfile = new Aws.Iam.UserLoginProfile("exampleUserLoginProfile", new Aws.Iam.UserLoginProfileArgs
        {
            PgpKey = "keybase:some_person_that_exists",
            User   = exampleUser.Name,
        });

        this.Password = exampleUserLoginProfile.EncryptedPassword;
    }
Esempio n. 7
0
 public MyStack()
 {
     var user = new Aws.Iam.User("user", new Aws.Iam.UserArgs
     {
     });
     var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
     {
         Description = "A test policy",
         Policy      = "",
     });
     // insert policy here
     var test_attach = new Aws.Iam.UserPolicyAttachment("test-attach", new Aws.Iam.UserPolicyAttachmentArgs
     {
         PolicyArn = policy.Arn,
         User      = user.Name,
     });
 }
Esempio n. 8
0
 public MyStack()
 {
     var @group = new Aws.Iam.Group("group", new Aws.Iam.GroupArgs
     {
     });
     var userOne = new Aws.Iam.User("userOne", new Aws.Iam.UserArgs
     {
     });
     var userTwo = new Aws.Iam.User("userTwo", new Aws.Iam.UserArgs
     {
     });
     var team = new Aws.Iam.GroupMembership("team", new Aws.Iam.GroupMembershipArgs
     {
         Group = @group.Name,
         Users =
         {
             userOne.Name,
             userTwo.Name,
         },
     });
 }
Esempio n. 9
0
    public MyStack()
    {
        var user = new Aws.Iam.User("user", new Aws.Iam.UserArgs
        {
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""ec2.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var @group = new Aws.Iam.Group("group", new Aws.Iam.GroupArgs
        {
        });
        var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
        {
            Description = "A test policy",
            Policy      = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

",
        });
        var test_attach = new Aws.Iam.PolicyAttachment("test-attach", new Aws.Iam.PolicyAttachmentArgs
        {
            Groups =
            {
                @group.Name,
            },
            PolicyArn = policy.Arn,
            Roles     =
            {
                role.Name,
            },
            Users =
            {
                user.Name,
            },
        });
    }