public MyStack() { var dlmLifecycleRole = new Aws.Iam.Role("dlmLifecycleRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Principal"": { ""Service"": ""dlm.amazonaws.com"" }, ""Effect"": ""Allow"", ""Sid"": """" } ] } ", }); var dlmLifecycle = new Aws.Iam.RolePolicy("dlmLifecycle", new Aws.Iam.RolePolicyArgs { Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Effect"": ""Allow"", ""Action"": [ ""ec2:CreateSnapshot"", ""ec2:DeleteSnapshot"", ""ec2:DescribeVolumes"", ""ec2:DescribeSnapshots"" ], ""Resource"": ""*"" }, { ""Effect"": ""Allow"", ""Action"": [ ""ec2:CreateTags"" ], ""Resource"": ""arn:aws:ec2:*::snapshot/*"" } ] } ", Role = dlmLifecycleRole.Id, }); var example = new Aws.Dlm.LifecyclePolicy("example", new Aws.Dlm.LifecyclePolicyArgs { Description = "example DLM lifecycle policy", ExecutionRoleArn = dlmLifecycleRole.Arn, PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs { ResourceTypes = { "VOLUME", },
public MyStack() { var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs { Statements = { new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs { Actions = { "sts:AssumeRole", }, Effect = "Allow", Principals = { new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs { Identifiers = { aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn, }, Type = "AWS", }, }, }, }, })); var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role("aWSCloudFormationStackSetExecutionRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy => aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json), }); var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs { Statements = { new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs { Actions = { "cloudformation:*", "s3:*", "sns:*", }, Effect = "Allow", Resources = { "*", }, }, }, })); var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs { Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument => aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Json), Role = aWSCloudFormationStackSetExecutionRole.Name, }); }
public MyStack() { var rule = new Aws.Cfg.Rule("rule", new Aws.Cfg.RuleArgs { Source = new Aws.Cfg.Inputs.RuleSourceArgs { Owner = "AWS", SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED", }, }, new CustomResourceOptions { DependsOn = { "aws_config_configuration_recorder.foo", }, }); var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Principal"": { ""Service"": ""config.amazonaws.com"" }, ""Effect"": ""Allow"", ""Sid"": """" } ] } ", }); var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs { RoleArn = role.Arn, }); var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs { Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""config:Put*"", ""Effect"": ""Allow"", ""Resource"": ""*"" } ] } ", Role = role.Id, }); }
public CreateRoleStack() { var config = new Pulumi.Config(); var unprivilegedUsername = config.Require("unprivilegedUsername"); var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs { Name = unprivilegedUsername, }); var unprivilegedUserCreds = new Iam.AccessKey("unprivileged-user-key", new Iam.AccessKeyArgs { User = unprivilegedUser.Name, }, // additional_secret_outputs specify properties that must be encrypted as secrets // https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs new CustomResourceOptions { AdditionalSecretOutputs = { "secret" } }); var tempPolicy = unprivilegedUser.Arn.Apply((string arn) => { AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn); return(JsonSerializer.Serialize <AssumeRolePolicyArgs>(policyArgs)); }); var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs { Description = "Allow management of S3 buckets", AssumeRolePolicy = tempPolicy }); var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs { Role = allowS3ManagementRole.Name, Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [{ ""Effect"": ""Allow"", ""Action"": ""s3:*"", ""Resource"": ""*"", ""Sid"": ""allowS3Access"" }] }" }, new CustomResourceOptions { Parent = allowS3ManagementRole } ); this.roleArn = allowS3ManagementRole.Arn; this.accessKeyId = unprivilegedUserCreds.Id; this.secretAccessKey = unprivilegedUserCreds.Secret; }
public MyStack() { var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs { }); var identity = new Aws.Ses.DomainIdentity("identity", new Aws.Ses.DomainIdentityArgs { Domain = "example.com", }); var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Principal"": { ""Service"": ""pinpoint.amazonaws.com"" }, ""Effect"": ""Allow"", ""Sid"": """" } ] } ", }); var email = new Aws.Pinpoint.EmailChannel("email", new Aws.Pinpoint.EmailChannelArgs { ApplicationId = app.ApplicationId, FromAddress = "*****@*****.**", Identity = identity.Arn, RoleArn = role.Arn, }); var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs { Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": { ""Action"": [ ""mobileanalytics:PutEvents"", ""mobileanalytics:PutItems"" ], ""Effect"": ""Allow"", ""Resource"": [ ""*"" ] } } ", Role = role.Id, }); }
public MyStack() { var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs { }); var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Sid"": """", ""Effect"": ""Allow"", ""Principal"": { ""Service"": ""vpc-flow-logs.amazonaws.com"" }, ""Action"": ""sts:AssumeRole"" } ] } ", }); var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs { IamRoleArn = exampleRole.Arn, LogDestination = exampleLogGroup.Arn, TrafficType = "ALL", VpcId = aws_vpc.Example.Id, }); var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs { Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": [ ""logs:CreateLogGroup"", ""logs:CreateLogStream"", ""logs:PutLogEvents"", ""logs:DescribeLogGroups"", ""logs:DescribeLogStreams"" ], ""Effect"": ""Allow"", ""Resource"": ""*"" } ] } ", Role = exampleRole.Id, }); }
public MyStack() { var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs { }); var testStream = new Aws.Kinesis.Stream("testStream", new Aws.Kinesis.StreamArgs { ShardCount = 1, }); var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Principal"": { ""Service"": ""pinpoint.us-east-1.amazonaws.com"" }, ""Effect"": ""Allow"", ""Sid"": """" } ] } ", }); var stream = new Aws.Pinpoint.EventStream("stream", new Aws.Pinpoint.EventStreamArgs { ApplicationId = app.ApplicationId, DestinationStreamArn = testStream.Arn, RoleArn = testRole.Arn, }); var testRolePolicy = new Aws.Iam.RolePolicy("testRolePolicy", new Aws.Iam.RolePolicyArgs { Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": { ""Action"": [ ""kinesis:PutRecords"", ""kinesis:DescribeStream"" ], ""Effect"": ""Allow"", ""Resource"": [ ""arn:aws:kinesis:us-east-1:*:*/*"" ] } } ", Role = testRole.Id, }); }
public MyStack() { var cloudwatchRole = new Aws.Iam.Role("cloudwatchRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Sid"": """", ""Effect"": ""Allow"", ""Principal"": { ""Service"": ""apigateway.amazonaws.com"" }, ""Action"": ""sts:AssumeRole"" } ] } ", }); var demo = new Aws.ApiGateway.Account("demo", new Aws.ApiGateway.AccountArgs { CloudwatchRoleArn = cloudwatchRole.Arn, }); var cloudwatchRolePolicy = new Aws.Iam.RolePolicy("cloudwatchRolePolicy", new Aws.Iam.RolePolicyArgs { Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Effect"": ""Allow"", ""Action"": [ ""logs:CreateLogGroup"", ""logs:CreateLogStream"", ""logs:DescribeLogGroups"", ""logs:DescribeLogStreams"", ""logs:PutLogEvents"", ""logs:GetLogEvents"", ""logs:FilterLogEvents"" ], ""Resource"": ""*"" } ] } ", Role = cloudwatchRole.Id, }); }
public MyStack() { var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Principal"": { ""Service"": ""ec2.amazonaws.com"" }, ""Effect"": ""Allow"", ""Sid"": """" } ] } ", }); var testPolicy = new Aws.Iam.RolePolicy("testPolicy", new Aws.Iam.RolePolicyArgs { Role = testRole.Id, Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": [ ""ec2:Describe*"" ], ""Effect"": ""Allow"", ""Resource"": ""*"" } ] } ", }); }
public MyStack() { var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs { Statements = { new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs { Actions = { "sts:AssumeRole", }, Effect = "Allow", Principals = { new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs { Identifiers = { "cloudformation.amazonaws.com", }, Type = "Service", }, }, }, }, })); var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role("aWSCloudFormationStackSetAdministrationRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy => aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json), }); var example = new Aws.CloudFormation.StackSet("example", new Aws.CloudFormation.StackSetArgs { AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn, Parameters = { { "VPCCidr", "10.0.0.0/16" }, }, TemplateBody = @"{ ""Parameters"" : { ""VPCCidr"" : { ""Type"" : ""String"", ""Default"" : ""10.0.0.0/16"", ""Description"" : ""Enter the CIDR block for the VPC. Default is 10.0.0.0/16."" } }, ""Resources"" : { ""myVpc"": { ""Type"" : ""AWS::EC2::VPC"", ""Properties"" : { ""CidrBlock"" : { ""Ref"" : ""VPCCidr"" }, ""Tags"" : [ {""Key"": ""Name"", ""Value"": ""Primary_CF_VPC""} ] } } } } ", }); var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument = example.ExecutionRoleName.Apply(executionRoleName => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs { Statements = { new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs { Actions = { "sts:AssumeRole", }, Effect = "Allow", Resources = { $"arn:aws:iam::*:role/{executionRoleName}", }, }, }, })); var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs { Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument => aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.Json), Role = aWSCloudFormationStackSetAdministrationRole.Name, }); }