# general
proud-tiger-5743

09/28/2018, 9:02 PM
I'm trying to map ARNs into an IAM policy but `update` keeps rejecting it. At the top of my code, I declare a bucket called `bucket` and an EC2 called `ec2`. But I'm trying to scope down User access to the bucket and the instance.
```typescript
policy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: [
          "iam:GenerateCredentialReport",
          "iam:GenerateServiceLastAccessedDetails",
          "iam:Get*",
          "iam:List*",
          "iam:CreateAccessKey",
          "iam:ChangePassword",
          "iam:SimulateCustomPolicy",
          "iam:SimulatePrincipalPolicy"
        ],
        Resource: "*"
      },
      {
        Action: ["s3:*"],
        Effect: "Allow",
        Resource: [bucket.arn]
      },
      {
        Effect: "Allow",
        Action: ["ec2:Describe*"],
        Resource: "*"
      },
      {
        Action: [
          "ec2:StartInstances",
          "ec2:StopInstances",
          "ec2:RebootInstances"
        ],
        Resource: [ec2.arn],
        Effect: "Allow"
      }
    ]
  })
```