Is there a way to reference the created instance I...
# golang
Is there a way to reference the created instance ID inside the IAM policy? I want the user(s) to be restricted to the created instance only.
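ec2Instance, err := ec2.NewInstance(ctx, ec2InstanceIdentifier, &ec2.InstanceArgs{
	Ami:          pulumi.String(AppInstanceId),
	InstanceType: pulumi.String("t3.micro"),
})
// The original snippet overwrote this err on the next statement without
// checking it, so a failed instance creation went unnoticed.
if err != nil {
	return err
}

// The instance ARN is only known once the resource has been created, so the
// policy document has to be built inside ApplyT; the result is a
// pulumi.StringOutput that iam.UserPolicyArgs.Policy accepts directly.
//
// ec2:Describe* does not support resource-level permissions, so that
// statement must keep Resource "*" or the Describe calls are denied. Only
// the instance-scoped actions (StartInstances/StopInstances are shown as
// examples; replace with the actions the user actually needs) are limited
// to the newly created instance.
policy := ec2Instance.Arn.ApplyT(func(instanceArn string) (string, error) {
	doc, err := json.Marshal(map[string]interface{}{
		"Version": "2012-10-17",
		"Statement": []map[string]interface{}{
			{
				"Action":   []string{"ec2:Describe*"},
				"Effect":   "Allow",
				"Resource": "*",
			},
			{
				"Action":   []string{"ec2:StartInstances", "ec2:StopInstances"},
				"Effect":   "Allow",
				"Resource": instanceArn,
			},
		},
	})
	if err != nil {
		return "", err
	}
	return string(doc), nil
}).(pulumi.StringOutput)

// Note: the original passed the JSON through pulumi.Sprintf, which treats the
// document as a format string; any '%' in the policy would be misinterpreted.
// Passing the StringOutput avoids that entirely.
_, err = iam.NewUserPolicy(ctx, envIdentifier, &iam.UserPolicyArgs{
	User:   awsIamUser.Name,
	Policy: policy,
})
if err != nil {
	return err
}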
something like this
import * as aws from '@pulumi/aws';

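const defaultTags = { Creator: 'pulumi' };

// Account ID of the caller deploying the stack. getCallerIdentityOutput already
// returns an Output<string>, so the pulumi.output()/pulumi.interpolate wrapping
// in the original is unnecessary — and the original referenced `pulumi` without
// importing '@pulumi/pulumi', which does not compile as written.
const awsAccountId = aws.getCallerIdentityOutput().accountId;

// NOTE: a bare account ID as the AWS principal lets any IAM principal in that
// account assume this role, provided its own identity policy grants
// sts:AssumeRole. Narrow this to specific user/role ARNs if that is not intended.
const infrastructureRole = new aws.iam.Role('infrastructure', {
  name: 'infrastructure',
  assumeRolePolicy: {
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Action: 'sts:AssumeRole',
      Principal: {
        AWS: awsAccountId,
      },
    }],
  },
  tags: defaultTags,
});

// Both managed policies are very broad; IAMFullAccess in particular lets the
// role grant itself further permissions. Review whether the infrastructure role
// really needs both before reusing this in a shared account.
new aws.iam.RolePolicyAttachment('infrastructure-admin', {
  role: infrastructureRole.name,
  policyArn: aws.iam.getPolicyOutput({ name: 'SystemAdministrator' }).arn,
});
new aws.iam.RolePolicyAttachment('infrastructure-iam', {
  role: infrastructureRole.name,
  policyArn: aws.iam.getPolicyOutput({ name: 'IAMFullAccess' }).arn,
});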
But for Go.
@damp-continent-75299 yes, you need to use an `ApplyT` for that. Here's a somewhat similar example: https://github.com/lbrlabs/pulumi-aws-tailscale/blob/main/provider/pkg/provider/bastion.go#L102-L128
awesome, thank you so much 🙏