# general
b
hi... I would like to create an IAM role that a) Allows AssumeRole, b) Has several Customer managed policies attached, c) Has several AWS managed policies attached. What would the python pulumi format of such a role be?
s
First, create the `aws.iam.Role` resource, which requires the assume role policy. For your custom policies, create `aws.iam.Policy` and `aws.iam.RolePolicyAttachment` resources. For AWS-managed policies, grab the ARN (the console is one place to get them), and just create `aws.iam.RolePolicyAttachment` resources and just set the policy ARN to the AWS-managed policy.
b
I have created the custom policies already... in the actual code of the aws.iam.Role however, do I reference the custom and aws managed policies in order to attach them? or is that a separate process?
s
Attach your policies using `aws.iam.RolePolicyAttachment`.
One attachment per (role, policy ARN) combo. You can do these in a loop (for the AWS policies at least).
b
great thanks... I was able to create the role and attach all relevant policies.... was a little stuck when it comes to assigning that role to an ec2 instance though....
s
Still stuck or are you all good now?
b
Haven’t progressed since