示例#1
0
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
        });
        var firehoseRole = new Aws.Iam.Role("firehoseRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""firehose.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var testStream = new Aws.Kinesis.FirehoseDeliveryStream("testStream", new Aws.Kinesis.FirehoseDeliveryStreamArgs
        {
            Destination     = "s3",
            S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs
            {
                BucketArn = bucket.Arn,
                RoleArn   = firehoseRole.Arn,
            },
        });
    }
示例#2
0
 public MyStack()
 {
     var example = new Aws.Iam.Role("example", new Aws.Iam.RoleArgs
     {
         AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?>
         {
             { "Statement", new[]
               {
                   new Dictionary <string, object?>
                   {
                       { "Action", "sts:AssumeRole" },
                       { "Effect", "Allow" },
                       { "Principal", new Dictionary <string, object?>
                         {
                             { "Service", "eks-fargate-pods.amazonaws.com" },
                         } },
                   },
               } },
             { "Version", "2012-10-17" },
         }),
     });
     var example_AmazonEKSFargatePodExecutionRolePolicy = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSFargatePodExecutionRolePolicy", new Aws.Iam.RolePolicyAttachmentArgs
     {
         PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
         Role      = example.Name,
     });
 }
示例#3
0
    public MyStack()
    {
        var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""ec2.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
            Tags             =
            {
                { "tag-key", "tag-value" },
            },
        });
    }
示例#4
0
    public MyStack()
    {
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [""sts:AssumeRole""],
      ""Effect"": ""allow"",
      ""Principal"": {
        ""Service"": [""backup.amazonaws.com""]
      }
    }
  ]
}

",
        });
        var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("exampleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
            Role      = exampleRole.Name,
        });
        var exampleSelection = new Aws.Backup.Selection("exampleSelection", new Aws.Backup.SelectionArgs
        {
            IamRoleArn = exampleRole.Arn,
        });
    }
示例#5
0
    private iam.Role createRedshiftRole()
    {
        var redShiftRole = new iam.Role("dend-redshift-role", new iam.RoleArgs
        {
            Description      = "Role Created for Udacity's DEND",
            Path             = "/service-role/redshift.amazonaws.com/dend/",
            AssumeRolePolicy = @"{
                    ""Version"": ""2012-10-17"",
                    ""Statement"": [
                        {
                            ""Sid"": """",
                            ""Effect"": ""Allow"",
                            ""Principal"": {
                                ""Service"": [
                                    ""redshift.amazonaws.com""
                                ]
                            },
                            ""Action"": ""sts:AssumeRole""
                        }
                    ]
                }",
        }, this.CustomResourceOptions);

        var redShiftRolePolicyAttachment = new iam.RolePolicyAttachment("redshift-s3-readonly-attachment", new iam.RolePolicyAttachmentArgs
        {
            Role      = redShiftRole.Name,
            PolicyArn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
        }, this.CustomResourceOptions);


        return(redShiftRole);
    }
示例#6
0
    public MyStack()
    {
        var example = new Aws.Iam.Role("example", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""eks.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}

",
        });
        var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSClusterPolicy", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
            Role      = example.Name,
        });
        var example_AmazonEKSServicePolicy = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSServicePolicy", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
            Role      = example.Name,
        });
    }
示例#7
0
    public MyStack()
    {
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""config.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs
        {
            RoleArn = role.Arn,
        });
    }
示例#8
0
    public MyStack()
    {
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
        {
            ""Action"": ""sts:AssumeRole"",
            ""Principal"": {
               ""Service"": ""ec2.amazonaws.com""
            },
            ""Effect"": ""Allow"",
            ""Sid"": """"
        }
    ]
}

",
            Path             = "/",
        });
        var testProfile = new Aws.Iam.InstanceProfile("testProfile", new Aws.Iam.InstanceProfileArgs
        {
            Role = role.Name,
        });
    }
示例#9
0
    public MyStack()
    {
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
        {
        ""Effect"": ""Allow"",
        ""Principal"": {
            ""Service"": ""appsync.amazonaws.com""
        },
        ""Action"": ""sts:AssumeRole""
        }
    ]
}

",
        });
        var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("exampleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
            Role      = exampleRole.Name,
        });
        var exampleGraphQLApi = new Aws.AppSync.GraphQLApi("exampleGraphQLApi", new Aws.AppSync.GraphQLApiArgs
        {
            LogConfig = new Aws.AppSync.Inputs.GraphQLApiLogConfigArgs
            {
                CloudwatchLogsRoleArn = exampleRole.Arn,
                FieldLogLevel         = "ERROR",
            },
        });
    }
示例#10
0
    public MyStack()
    {
        var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
        });
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""codebuild.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}

",
        });
        var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = Output.Tuple(exampleBucket.Arn, exampleBucket.Arn).Apply(values =>
            {
                var exampleBucketArn  = values.Item1;
                var exampleBucketArn1 = values.Item2;
                return(@$ "{{
  " "Version" ": " "2012-10-17" ",
  " "Statement" ": [
示例#11
0
    public MyStack()
    {
        var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"  {
    ""Version"": ""2012-10-17"",
    ""Statement"": {
      ""Effect"": ""Allow"",
      ""Principal"": {""Service"": ""ssm.amazonaws.com""},
      ""Action"": ""sts:AssumeRole""
    }
  }

",
        });
        var testAttach = new Aws.Iam.RolePolicyAttachment("testAttach", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
            Role      = testRole.Name,
        });
        var foo = new Aws.Ssm.Activation("foo", new Aws.Ssm.ActivationArgs
        {
            Description       = "Test",
            IamRole           = testRole.Id,
            RegistrationLimit = 5,
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                "aws_iam_role_policy_attachment.test_attach",
            },
        });
    }
示例#12
0
    public MyStack()
    {
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Sid"": """",
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""codedeploy.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}

",
        });
        var aWSCodeDeployRole = new Aws.Iam.RolePolicyAttachment("aWSCodeDeployRole", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole",
            Role      = exampleRole.Name,
        });
        var exampleApplication = new Aws.CodeDeploy.Application("exampleApplication", new Aws.CodeDeploy.ApplicationArgs
        {
        });
        var exampleTopic = new Aws.Sns.Topic("exampleTopic", new Aws.Sns.TopicArgs
        {
        });
        var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup("exampleDeploymentGroup", new Aws.CodeDeploy.DeploymentGroupArgs
        {
            AlarmConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAlarmConfigurationArgs
            {
                Alarms =
                {
                    "my-alarm-name",
                },
                Enabled = true,
            },
            AppName = exampleApplication.Name,
            AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs
            {
                Enabled = true,
                Events  =
                {
                    "DEPLOYMENT_FAILURE",
                },
            },
            DeploymentGroupName = "example-group",
            Ec2TagSets          =
            {
                new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetArgs
                {
                    Ec2TagFilter =
                    {
                        {
                            { "key",   "filterkey1"      },
示例#13
0
    public MyStack()
    {
        var dlmLifecycleRole = new Aws.Iam.Role("dlmLifecycleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""dlm.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var dlmLifecycle = new Aws.Iam.RolePolicy("dlmLifecycle", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
   ""Version"": ""2012-10-17"",
   ""Statement"": [
      {
         ""Effect"": ""Allow"",
         ""Action"": [
            ""ec2:CreateSnapshot"",
            ""ec2:DeleteSnapshot"",
            ""ec2:DescribeVolumes"",
            ""ec2:DescribeSnapshots""
         ],
         ""Resource"": ""*""
      },
      {
         ""Effect"": ""Allow"",
         ""Action"": [
            ""ec2:CreateTags""
         ],
         ""Resource"": ""arn:aws:ec2:*::snapshot/*""
      }
   ]
}

",
            Role   = dlmLifecycleRole.Id,
        });
        var example = new Aws.Dlm.LifecyclePolicy("example", new Aws.Dlm.LifecyclePolicyArgs
        {
            Description      = "example DLM lifecycle policy",
            ExecutionRoleArn = dlmLifecycleRole.Arn,
            PolicyDetails    = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs
            {
                ResourceTypes =
                {
                    "VOLUME",
                },
示例#14
0
 public MyStack()
 {
     var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
     {
         Statements =
         {
             new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
             {
                 Actions =
                 {
                     "sts:AssumeRole",
                 },
                 Effect     = "Allow",
                 Principals =
                 {
                     new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                     {
                         Identifiers =
                         {
                             aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,
                         },
                         Type = "AWS",
                     },
                 },
             },
         },
     }));
     var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role("aWSCloudFormationStackSetExecutionRole", new Aws.Iam.RoleArgs
     {
         AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy => aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),
     });
     var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
     {
         Statements =
         {
             new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
             {
                 Actions =
                 {
                     "cloudformation:*",
                     "s3:*",
                     "sns:*",
                 },
                 Effect    = "Allow",
                 Resources =
                 {
                     "*",
                 },
             },
         },
     }));
     var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs
     {
         Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument => aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Json),
         Role   = aWSCloudFormationStackSetExecutionRole.Name,
     });
 }
示例#15
0
    public MyStack()
    {
        var rule = new Aws.Cfg.Rule("rule", new Aws.Cfg.RuleArgs
        {
            Source = new Aws.Cfg.Inputs.RuleSourceArgs
            {
                Owner            = "AWS",
                SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED",
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                "aws_config_configuration_recorder.foo",
            },
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""config.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs
        {
            RoleArn = role.Arn,
        });
        var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
        ""Action"": ""config:Put*"",
        ""Effect"": ""Allow"",
        ""Resource"": ""*""

    }
  ]
}

",
            Role   = role.Id,
        });
    }
示例#16
0
    public CreateRoleStack()
    {
        var config = new Pulumi.Config();
        var unprivilegedUsername = config.Require("unprivilegedUsername");

        var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs
        {
            Name = unprivilegedUsername,
        });

        var unprivilegedUserCreds = new Iam.AccessKey("unprivileged-user-key", new Iam.AccessKeyArgs
        {
            User = unprivilegedUser.Name,
        },
                                                      // additional_secret_outputs specify properties that must be encrypted as secrets
                                                      // https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
                                                      new CustomResourceOptions {
            AdditionalSecretOutputs = { "secret" }
        });

        var tempPolicy = unprivilegedUser.Arn.Apply((string arn) =>
        {
            AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
            return(JsonSerializer.Serialize <AssumeRolePolicyArgs>(policyArgs));
        });

        var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs
        {
            Description      = "Allow management of S3 buckets",
            AssumeRolePolicy = tempPolicy
        });

        var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs
        {
            Role   = allowS3ManagementRole.Name,
            Policy =
                @"{
                ""Version"": ""2012-10-17"",
                ""Statement"": [{
                    ""Effect"": ""Allow"",
                    ""Action"": ""s3:*"",
                    ""Resource"": ""*"",
                    ""Sid"": ""allowS3Access""
                }]
            }"
        },
                                            new CustomResourceOptions {
            Parent = allowS3ManagementRole
        }
                                            );

        this.roleArn         = allowS3ManagementRole.Arn;
        this.accessKeyId     = unprivilegedUserCreds.Id;
        this.secretAccessKey = unprivilegedUserCreds.Secret;
    }
示例#17
0
    public MyStack()
    {
        var fooRecorderStatus = new Aws.Cfg.RecorderStatus("fooRecorderStatus", new Aws.Cfg.RecorderStatusArgs
        {
            IsEnabled = true,
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                "aws_config_delivery_channel.foo",
            },
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""config.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var rolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("rolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSConfigRole",
            Role      = role.Name,
        });
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
        });
        var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel("fooDeliveryChannel", new Aws.Cfg.DeliveryChannelArgs
        {
            S3BucketName = bucket.BucketName,
        });
        var fooRecorder = new Aws.Cfg.Recorder("fooRecorder", new Aws.Cfg.RecorderArgs
        {
            RoleArn = role.Arn,
        });
        var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>
            {
                var bucketArn  = values.Item1;
                var bucketArn1 = values.Item2;
                return(@$ "{{
  " "Version" ": " "2012-10-17" ",
  " "Statement" ": [
示例#18
0
    public MyStack()
    {
        var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs
        {
        });
        var identity = new Aws.Ses.DomainIdentity("identity", new Aws.Ses.DomainIdentityArgs
        {
            Domain = "example.com",
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""pinpoint.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var email = new Aws.Pinpoint.EmailChannel("email", new Aws.Pinpoint.EmailChannelArgs
        {
            ApplicationId = app.ApplicationId,
            FromAddress   = "*****@*****.**",
            Identity      = identity.Arn,
            RoleArn       = role.Arn,
        });
        var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": {
    ""Action"": [
      ""mobileanalytics:PutEvents"",
      ""mobileanalytics:PutItems""
    ],
    ""Effect"": ""Allow"",
    ""Resource"": [
      ""*""
    ]
  }
}

",
            Role   = role.Id,
        });
    }
示例#19
0
    public MyStack()
    {
        var app = new Aws.Pinpoint.App("app", new Aws.Pinpoint.AppArgs
        {
        });
        var testStream = new Aws.Kinesis.Stream("testStream", new Aws.Kinesis.StreamArgs
        {
            ShardCount = 1,
        });
        var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""pinpoint.us-east-1.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var stream = new Aws.Pinpoint.EventStream("stream", new Aws.Pinpoint.EventStreamArgs
        {
            ApplicationId        = app.ApplicationId,
            DestinationStreamArn = testStream.Arn,
            RoleArn = testRole.Arn,
        });
        var testRolePolicy = new Aws.Iam.RolePolicy("testRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": {
    ""Action"": [
      ""kinesis:PutRecords"",
      ""kinesis:DescribeStream""
    ],
    ""Effect"": ""Allow"",
    ""Resource"": [
      ""arn:aws:kinesis:us-east-1:*:*/*""
    ]
  }
}

",
            Role   = testRole.Id,
        });
    }
示例#20
0
    public MyStack()
    {
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
        {
        });
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Sid"": """",
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""vpc-flow-logs.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}

",
        });
        var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
        {
            IamRoleArn     = exampleRole.Arn,
            LogDestination = exampleLogGroup.Arn,
            TrafficType    = "ALL",
            VpcId          = aws_vpc.Example.Id,
        });
        var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""logs:CreateLogGroup"",
        ""logs:CreateLogStream"",
        ""logs:PutLogEvents"",
        ""logs:DescribeLogGroups"",
        ""logs:DescribeLogStreams""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

",
            Role   = exampleRole.Id,
        });
    }
示例#21
0
    public MyStack()
    {
        var cloudwatchRole = new Aws.Iam.Role("cloudwatchRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Sid"": """",
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""apigateway.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}

",
        });
        var demo = new Aws.ApiGateway.Account("demo", new Aws.ApiGateway.AccountArgs
        {
            CloudwatchRoleArn = cloudwatchRole.Arn,
        });
        var cloudwatchRolePolicy = new Aws.Iam.RolePolicy("cloudwatchRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
        {
            ""Effect"": ""Allow"",
            ""Action"": [
                ""logs:CreateLogGroup"",
                ""logs:CreateLogStream"",
                ""logs:DescribeLogGroups"",
                ""logs:DescribeLogStreams"",
                ""logs:PutLogEvents"",
                ""logs:GetLogEvents"",
                ""logs:FilterLogEvents""
            ],
            ""Resource"": ""*""
        }
    ]
}

",
            Role   = cloudwatchRole.Id,
        });
    }
示例#22
0
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            ForceDestroy = true,
        });
        var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel("fooDeliveryChannel", new Aws.Cfg.DeliveryChannelArgs
        {
            S3BucketName = bucket.BucketName,
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                "aws_config_configuration_recorder.foo",
            },
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""config.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var fooRecorder = new Aws.Cfg.Recorder("fooRecorder", new Aws.Cfg.RecorderArgs
        {
            RoleArn = role.Arn,
        });
        var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>
            {
                var bucketArn  = values.Item1;
                var bucketArn1 = values.Item2;
                return(@$ "{{
  " "Version" ": " "2012-10-17" ",
  " "Statement" ": [
示例#23
0
    public MyStack()
    {
        var key = new Aws.Kms.Key("key", new Aws.Kms.KeyArgs
        {
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""lambda.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var grant = new Aws.Kms.Grant("grant", new Aws.Kms.GrantArgs
        {
            Constraints =
            {
                new Aws.Kms.Inputs.GrantConstraintArgs
                {
                    EncryptionContextEquals =
                    {
                        { "Department", "Finance" },
                    },
                },
            },
            GranteePrincipal = role.Arn,
            KeyId            = key.KeyId,
            Operations       =
            {
                "Encrypt",
                "Decrypt",
                "GenerateDataKey",
            },
        });
    }
示例#24
0
    public MyStack()
    {
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"    {
      ""Version"": ""2012-10-17"",
      ""Statement"": [
        {
          ""Action"": ""sts:AssumeRole"",
          ""Principal"": {
            ""Service"": ""ec2.amazonaws.com""
          },
          ""Effect"": ""Allow"",
          ""Sid"": """"
        }
      ]
    }

",
        });
        var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
        {
            Description = "A test policy",
            Policy      = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

",
        });
        var test_attach = new Aws.Iam.RolePolicyAttachment("test-attach", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = policy.Arn,
            Role      = role.Name,
        });
    }
示例#25
0
    public MyStack()
    {
        var organizationRole = new Aws.Iam.Role("organizationRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Sid"": """",
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""config.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}

",
        });
        var organizationConfigurationAggregator = new Aws.Cfg.ConfigurationAggregator("organizationConfigurationAggregator", new Aws.Cfg.ConfigurationAggregatorArgs
        {
            OrganizationAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs
            {
                AllRegions = true,
                RoleArn    = organizationRole.Arn,
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                "aws_iam_role_policy_attachment.organization",
            },
        });
        var organizationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("organizationRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
            Role      = organizationRole.Name,
        });
    }
示例#26
0
    public MyStack()
    {
        var mytopic = new Aws.Sns.Topic("mytopic", new Aws.Sns.TopicArgs
        {
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""iot.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}

",
        });
        var rule = new Aws.Iot.TopicRule("rule", new Aws.Iot.TopicRuleArgs
        {
            Description = "Example rule",
            Enabled     = true,
            Sns         = new Aws.Iot.Inputs.TopicRuleSnsArgs
            {
                Sns = "RAW",
                Sns = role.Arn,
                Sns = mytopic.Arn,
            },
            Sql        = "SELECT * FROM 'topic/test'",
            SqlVersion = "2016-03-23",
        });
        var iamPolicyForLambda = new Aws.Iam.RolePolicy("iamPolicyForLambda", new Aws.Iam.RolePolicyArgs
        {
            Policy = mytopic.Arn.Apply(arn => @$ "{{
  " "Version" ": " "2012-10-17" ",
  " "Statement" ": [
示例#27
0
    public MyStack()
    {
        var mainUserPool = new Aws.Cognito.UserPool("mainUserPool", new Aws.Cognito.UserPoolArgs
        {
        });
        var groupRole = new Aws.Iam.Role("groupRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Sid"": """",
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Federated"": ""cognito-identity.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRoleWithWebIdentity"",
      ""Condition"": {
        ""StringEquals"": {
          ""cognito-identity.amazonaws.com:aud"": ""us-east-1:12345678-dead-beef-cafe-123456790ab""
        },
        ""ForAnyValue:StringLike"": {
          ""cognito-identity.amazonaws.com:amr"": ""authenticated""
        }
      }
    }
  ]
}

",
        });
        var mainUserGroup = new Aws.Cognito.UserGroup("mainUserGroup", new Aws.Cognito.UserGroupArgs
        {
            Description = "Managed by Pulumi",
            Precedence  = 42,
            RoleArn     = groupRole.Arn,
            UserPoolId  = mainUserPool.Id,
        });
    }
示例#28
0
 public MyStack()
 {
     var model = new Aws.Sagemaker.Model("model", new Aws.Sagemaker.ModelArgs
     {
         ExecutionRoleArn = aws_iam_role.Foo.Arn,
         PrimaryContainer = new Aws.Sagemaker.Inputs.ModelPrimaryContainerArgs
         {
             Image = "174872318107.dkr.ecr.us-west-2.amazonaws.com/kmeans:1",
         },
     });
     var assumeRole = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
     {
         Statements =
         {
             new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
             {
                 Actions =
                 {
                     "sts:AssumeRole",
                 },
                 Principals =
                 {
                     new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                     {
                         Identifiers =
                         {
                             "sagemaker.amazonaws.com",
                         },
                         Type = "Service",
                     },
                 },
             },
         },
     }));
     var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
     {
         AssumeRolePolicy = assumeRole.Apply(assumeRole => assumeRole.Json),
     });
 }
示例#29
0
    public MyStack()
    {
        var exampleTable = new Aws.DynamoDB.Table("exampleTable", new Aws.DynamoDB.TableArgs
        {
            Attributes =
            {
                new Aws.DynamoDB.Inputs.TableAttributeArgs
                {
                    Name = "UserId",
                    Type = "S",
                },
            },
            HashKey       = "UserId",
            ReadCapacity  = 1,
            WriteCapacity = 1,
        });
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""appsync.amazonaws.com""
      },
      ""Effect"": ""Allow""
    }
  ]
}

",
        });
        var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = exampleTable.Arn.Apply(arn => @$ "{{
  " "Version" ": " "2012-10-17" ",
  " "Statement" ": [
示例#30
0
    public MyStack()
    {
        var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""ec2.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
        });
        var testPolicy = new Aws.Iam.RolePolicy("testPolicy", new Aws.Iam.RolePolicyArgs
        {
            Role   = testRole.Id,
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}
",
        });
    }