Is there a better way to write json iam policies than using a bunch of []map[string]interface{}{ everywhere and pull it together with json.Marshal?

There's the structured IAM class

Thanks Itay, I'll have a looksee

i wrote a helper that made it a bit less painful to build policies.. end up with code like this:

Policy: policy.New("my-policy",
          policy.Statement("statement-one",
                  policy.Effect(policy.Allow),
                  policy.Action(
                          "s3:GetObject",
                          "s3:PutObject",
                  ),
                  policy.Principal("AWS",
                          "arn:aws:iam::12345:root",
                  ),
                  policy.Resource(
                          pulumi.Sprintf("%s/*", bucketArn),
                  ),
          ),
  ).ToStringOutput(),

that would be awesome! @important-appointment-55126

ok let me see what state that code is in and i’ll upload it.. could probably still use some love though 😉

Here is my example. I don't find this that bad?

source, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{

Statements: []iam.GetPolicyDocumentStatement{ // Allow AssumeRole - we allow to assume any role, // but that role will have to have been granted permissions // to be assumable by this role. { Actions: []string{ "sts:AssumeRole", }, Resources: []string{ "*", }, Effect: &allow, }, // Some base bucket policies { Actions: []string{ "s3:HeadBucket", }, Resources: []string{ bucketArn, }, Effect: &allow, },

Also Hi Gareth - it's been a minute 😀

it has indeed been a few minutes! Hope you’re doing well 🙂

Understood. In my case I usually need it anyway for some other things so it works out OK.

@important-appointment-55126 this helper repo is awesome ❤️