public MyStack()
{
var dlmLifecycleRole = new Aws.Iam.Role("dlmLifecycleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""dlm.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var dlmLifecycle = new Aws.Iam.RolePolicy("dlmLifecycle", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Action"": [
""ec2:CreateSnapshot"",
""ec2:DeleteSnapshot"",
""ec2:DescribeVolumes"",
""ec2:DescribeSnapshots""
],
""Resource"": ""*""
},
{
""Effect"": ""Allow"",
""Action"": [
""ec2:CreateTags""
],
""Resource"": ""arn:aws:ec2:*::snapshot/*""
}
]
}
",
Role = dlmLifecycleRole.Id,
});
var example = new Aws.Dlm.LifecyclePolicy("example", new Aws.Dlm.LifecyclePolicyArgs
{
Description = "example DLM lifecycle policy",
ExecutionRoleArn = dlmLifecycleRole.Arn,
PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs
{
ResourceTypes =
{
"VOLUME",
},
public MyStack()
{
var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"sts:AssumeRole",
},
Effect = "Allow",
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,
},
Type = "AWS",
},
},
},
},
}));
var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role("aWSCloudFormationStackSetExecutionRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy => aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),
});
var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"cloudformation:*",
"s3:*",
"sns:*",
},
Effect = "Allow",
Resources =
{
"*",
},
},
},
}));
var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument => aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Json),
Role = aWSCloudFormationStackSetExecutionRole.Name,
});
}
public MyStack()
{
var rule = new Aws.Cfg.Rule("rule", new Aws.Cfg.RuleArgs
{
Source = new Aws.Cfg.Inputs.RuleSourceArgs
{
Owner = "AWS",
SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED",
},
}, new CustomResourceOptions
{
DependsOn =
{
"aws_config_configuration_recorder.foo",
},
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""config.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs
{
RoleArn = role.Arn,
});
var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""config:Put*"",
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
Role = role.Id,
});
}
public CreateRoleStack()
{
var config = new Pulumi.Config();
var unprivilegedUsername = config.Require("unprivilegedUsername");
var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs
{
Name = unprivilegedUsername,
});
var unprivilegedUserCreds = new Iam.AccessKey("unprivileged-user-key", new Iam.AccessKeyArgs
{
User = unprivilegedUser.Name,
},
// additional_secret_outputs specify properties that must be encrypted as secrets
// https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
new CustomResourceOptions {
AdditionalSecretOutputs = { "secret" }
});
var tempPolicy = unprivilegedUser.Arn.Apply((string arn) =>
{
AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
return(JsonSerializer.Serialize <AssumeRolePolicyArgs>(policyArgs));
});
var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs
{
Description = "Allow management of S3 buckets",
AssumeRolePolicy = tempPolicy
});
var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs
{
Role = allowS3ManagementRole.Name,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": ""s3:*"",
""Resource"": ""*"",
""Sid"": ""allowS3Access""
}]
}"
},
new CustomResourceOptions {
Parent = allowS3ManagementRole
}
);
this.roleArn = allowS3ManagementRole.Arn;
this.accessKeyId = unprivilegedUserCreds.Id;
this.secretAccessKey = unprivilegedUserCreds.Secret;
}
public MyStack()
{
var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs
{
});
var identity = new Aws.Ses.DomainIdentity("identity", new Aws.Ses.DomainIdentityArgs
{
Domain = "example.com",
});
var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""pinpoint.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var email = new Aws.Pinpoint.EmailChannel("email", new Aws.Pinpoint.EmailChannelArgs
{
ApplicationId = app.ApplicationId,
FromAddress = "*****@*****.**",
Identity = identity.Arn,
RoleArn = role.Arn,
});
var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": {
""Action"": [
""mobileanalytics:PutEvents"",
""mobileanalytics:PutItems""
],
""Effect"": ""Allow"",
""Resource"": [
""*""
]
}
}
",
Role = role.Id,
});
}
public MyStack()
{
var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
{
});
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""vpc-flow-logs.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
{
IamRoleArn = exampleRole.Arn,
LogDestination = exampleLogGroup.Arn,
TrafficType = "ALL",
VpcId = aws_vpc.Example.Id,
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:PutLogEvents"",
""logs:DescribeLogGroups"",
""logs:DescribeLogStreams""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
Role = exampleRole.Id,
});
}
public MyStack()
{
var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs
{
});
var testStream = new Aws.Kinesis.Stream("testStream", new Aws.Kinesis.StreamArgs
{
ShardCount = 1,
});
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""pinpoint.us-east-1.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var stream = new Aws.Pinpoint.EventStream("stream", new Aws.Pinpoint.EventStreamArgs
{
ApplicationId = app.ApplicationId,
DestinationStreamArn = testStream.Arn,
RoleArn = testRole.Arn,
});
var testRolePolicy = new Aws.Iam.RolePolicy("testRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": {
""Action"": [
""kinesis:PutRecords"",
""kinesis:DescribeStream""
],
""Effect"": ""Allow"",
""Resource"": [
""arn:aws:kinesis:us-east-1:*:*/*""
]
}
}
",
Role = testRole.Id,
});
}
public MyStack()
{
var cloudwatchRole = new Aws.Iam.Role("cloudwatchRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""apigateway.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var demo = new Aws.ApiGateway.Account("demo", new Aws.ApiGateway.AccountArgs
{
CloudwatchRoleArn = cloudwatchRole.Arn,
});
var cloudwatchRolePolicy = new Aws.Iam.RolePolicy("cloudwatchRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:DescribeLogGroups"",
""logs:DescribeLogStreams"",
""logs:PutLogEvents"",
""logs:GetLogEvents"",
""logs:FilterLogEvents""
],
""Resource"": ""*""
}
]
}
",
Role = cloudwatchRole.Id,
});
}
public MyStack()
{
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var testPolicy = new Aws.Iam.RolePolicy("testPolicy", new Aws.Iam.RolePolicyArgs
{
Role = testRole.Id,
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""ec2:Describe*""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
});
}
public MyStack()
{
var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"sts:AssumeRole",
},
Effect = "Allow",
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"cloudformation.amazonaws.com",
},
Type = "Service",
},
},
},
},
}));
var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role("aWSCloudFormationStackSetAdministrationRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy => aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),
});
var example = new Aws.CloudFormation.StackSet("example", new Aws.CloudFormation.StackSetArgs
{
AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn,
Parameters =
{
{ "VPCCidr", "10.0.0.0/16" },
},
TemplateBody = @"{
""Parameters"" : {
""VPCCidr"" : {
""Type"" : ""String"",
""Default"" : ""10.0.0.0/16"",
""Description"" : ""Enter the CIDR block for the VPC. Default is 10.0.0.0/16.""
}
},
""Resources"" : {
""myVpc"": {
""Type"" : ""AWS::EC2::VPC"",
""Properties"" : {
""CidrBlock"" : { ""Ref"" : ""VPCCidr"" },
""Tags"" : [
{""Key"": ""Name"", ""Value"": ""Primary_CF_VPC""}
]
}
}
}
}
",
});
var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument = example.ExecutionRoleName.Apply(executionRoleName => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"sts:AssumeRole",
},
Effect = "Allow",
Resources =
{
$"arn:aws:iam::*:role/{executionRoleName}",
},
},
},
}));
var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument => aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.Json),
Role = aWSCloudFormationStackSetAdministrationRole.Name,
});
}
