purple-orange-91853
05/28/2021, 9:18 PM
Turns out I was missing one `:` in the ARN string, causing the policy to render bad. Updated the Resource below to `Resource: "arn:aws:iam::" + await accountId + ":user/${aws:username}"` and all is well.
I am trying to write an AWS Self Manage policy and I'm stuck on getting the policy to work with AWS internal variables such as `${aws:username}` when inside the JSON policy document. I have tried the terraform way of replacing the `$` with an `&`, but that does not work either. If I replace the Resource string in the policy document with `"*"` it works as expected. I have also tried escaping the `$` and `{}` with a `\` in the code to no avail. Code block in question:
```typescript
import * as aws from "@pulumi/aws";

export const IAMSelfManagePolicy = async () => {
    // Look up the account the Pulumi program is deploying into
    const current = aws.getCallerIdentity({ async: true });
    const accountId = current.then(identity => identity.accountId);

    const IAMSelfManagePolicy = new aws.iam.Policy("IAMSelfManagePolicy", {
        name: "IAMSelfManagePolicy",
        path: "/",
        description: "Allow users to Self Manage their own credentials",
        policy: JSON.stringify({
            Version: "2012-10-17",
            Statement: [
                {
                    Sid: "AllowUserToChangePersonalOptions",
                    Effect: "Allow",
                    Action: [
                        "iam:*AccessKey*",
                        "iam:*SSHPublicKey*",
                        "iam:*LoginProfile",
                        "iam:ChangePassword"
                    ],
                    // As posted: "arn:aws:iam:" has only one colon after "iam", so the
                    // region field is missing and the ARN is malformed. The update at the
                    // top of the post changes this to "arn:aws:iam::" (empty region).
                    // ${aws:username} is an IAM policy variable; inside a double-quoted
                    // string it is passed through literally, which is what IAM expects.
                    Resource: "arn:aws:iam:" + await accountId + ":user/${aws:username}"
                }
            ]
        }),
    });
    return IAMSelfManagePolicy;
}
```