gorgeous-honey-75918
01/18/2024, 1:11 PM~ assumeRolePolicy: "\"{\\\"Statement\\\":[{\\\"Action\\\":\\\"sts:AssumeRoleWithWebIdentity\\\",\\\"Condition\\\":{\\\"StringEquals\\\":{\\\"oidc.eks.eu-north-1.amazonaws.com/id/**:sub\\\":[\\\"system:serviceaccount:di-auth:di-auth\\\",\\\"system:serviceaccount:di-auth:di-auth-some-service\\\",\\\"system:serviceaccount:some-other-namespace:some-other-service\\\"]}},\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"Federated\\\":\\\"arn:aws:iam::**:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/**\\\"},\\\"Sid\\\":\\\"trustEksOidcMultipleServices\\\"}],\\\"Version\\\":\\\"2012-10-17\\\"}\"" => "\"{\\\"Statement\\\":[{\\\"Action\\\":\\\"sts:AssumeRoleWithWebIdentity\\\",\\\"Condition\\\":{\\\"StringEquals\\\":{\\\"oidc.eks.eu-north-1.amazonaws.com/id/**:sub\\\":[\\\"system:serviceaccount:di-auth:di-auth\\\",\\\"system:serviceaccount:di-auth:di-auth-some-service\\\",\\\"system:serviceaccount:some-other-namespace:some-other-service\\\"]}},\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"Federated\\\":\\\"arn:aws:iam::**:oidc-provider-222/oidc.eks.eu-north-1.amazonaws.com/id/**\\\"},\\\"Sid\\\":\\\"trustEksOidcMultipleServices\\\"}],\\\"Version\\\":\\\"2012-10-17\\\"}\""
import * as aws from "@pulumi/aws";
import exp = require("constants");
import { tags } from "./types";
import { PolicyDocument, PolicyStatement } from "@pulumi/aws/iam";
...
const assumeRolePolicy: PolicyDocument = {
Version: "2012-10-17",
Statement: [
trustRelationshipStatement
]
};
const di_auth_service = new aws.iam.Role("di_auth_service", {
assumeRolePolicy: assumeRolePolicy,
managedPolicyArns: ["arn:aws:iam::aws:policy/AmazonSESFullAccess"],
maxSessionDuration: 28800,
name: "di-auth-service",
tags: {
...tags,
"asset-type": "IAM Role",
},
}, {
protect: true,
});
export const di_auth_service_role_arn = di_auth_service.arn
stale-answer-34162
01/18/2024, 2:55 PMadorable-house-61348
01/18/2024, 5:49 PMgorgeous-honey-75918
01/18/2024, 6:56 PM