damp-continent-75299
10/05/2022, 7:50 PMec2Instance, err := ec2.NewInstance(ctx, ec2InstanceIdentifier, &ec2.InstanceArgs{
Ami: pulumi.String(AppInstanceId),
InstanceType: pulumi.String("t3.micro"),
})
policy, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
{
"Action": []string{
"ec2:Describe*",
},
"Effect": "Allow",
"Resource": "*",
},
},
})
if err != nil {
return err
}
_, err = iam.NewUserPolicy(ctx, envIdentifier, &iam.UserPolicyArgs{
User: awsIamUser.Name,
Policy: pulumi.Sprintf(string(policy)),
})
if err != nil {
return err
}
import * as aws from '@pulumi/aws';
const defaultTags = { Creator: 'pulumi' };
const awsAccountId = pulumi.output(aws.getCallerIdentity()).accountId;
const infrastructureRole = new aws.iam.Role('infrastructure', {
name: 'infrastructure',
assumeRolePolicy: {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Action: 'sts:AssumeRole',
Principal: {
AWS: pulumi.interpolate`${awsAccountId}`,
}
}],
},
tags: defaultTags,
})
new aws.iam.RolePolicyAttachment('infrastructure-admin', {
role: infrastructureRole.name,
policyArn: aws.iam.getPolicyOutput({ name: 'SystemAdministrator'}).arn,
});
new aws.iam.RolePolicyAttachment('infrastructure-iam', {
role: infrastructureRole.name,
policyArn: aws.iam.getPolicyOutput({ name: 'IAMFullAccess' }).arn,
});
But for golangbillowy-army-68599
10/05/2022, 8:03 PMApplyT
here’s a similarish example: https://github.com/lbrlabs/pulumi-aws-tailscale/blob/main/provider/pkg/provider/bastion.go#L102-L128damp-continent-75299
10/05/2022, 8:05 PM