
brash-restaurant-84207

10/03/2022, 12:33 PM
hi... I would like to create an IAM role that a) Allows AssumeRole, b) Has several Customer managed policies attached, c) Has several AWS managed policies attached. What would the python pulumi format of such a role be?

stocky-restaurant-98004

10/03/2022, 6:09 PM
First, create the aws.iam.Role resource, which requires the assume role policy. For your custom policies, create aws.iam.Policy and aws.iam.RolePolicyAttachment resources. For AWS-managed policies, grab the ARN (the console is one place to get them), and just create aws.iam.RolePolicyAttachment resources and just set the policy ARN to the AWS-managed policy.

brash-restaurant-84207

10/03/2022, 8:39 PM
I have created the custom policies already... in the actual code of the aws.iam.Role however, do I reference the custom and aws managed policies in order to attach them? or is that a separate process?

stocky-restaurant-98004

10/03/2022, 8:43 PM
Attach your policies using aws.iam.RolePolicyAttachment.
One attachment per (role, policy ARN) combo. You can do these in a loop (for the AWS policies at least).

brash-restaurant-84207

10/04/2022, 9:38 AM
great thanks... I was able to create the role and attach all relevant policies.... was a little stuck when it comes to assigning that role to an ec2 instance though....

stocky-restaurant-98004

10/04/2022, 3:04 PM
Still stuck or are you all good now?

brash-restaurant-84207

10/05/2022, 4:54 PM
Haven’t progressed since