https://pulumi.com logo
i

icy-controller-6092

04/27/2022, 4:29 AM
Is there an API for generating IAM policies? e.g. I have a
aws.s3.Bucket
and I want to be able to call
PutObject
from a
aws.lambda.Function
- is there some kind of helper function where I can pass that in and get back a
aws.iam.Policy
?
l

little-cartoon-10569

04/27/2022, 4:33 AM
Are you using typescript/javascript? There's a helper type, aws.iam.PolicyDocument, that essentially achieves this.
i

icy-controller-6092

04/27/2022, 4:35 AM
this is great, thanks 🙂 I was searching for “pulumi iam generator” and couldn’t find anything, but adding policy returns the
getPolicyDocument
helper. thanks again !
l

little-cartoon-10569

04/27/2022, 5:08 AM
getPolicyDocument is good, but it's the older API. Simply creating a JS object with the aws.iam.PolicyDocument fields works a charm. You can assign it directly to most policy document fields.
Not quite all, unfortunately (policy documents existing all over the place), but all the most common uses, anyway.
Here's an example from my code base
l

limited-rainbow-51650

04/27/2022, 7:54 AM
@icy-controller-6092 if you are using JS/TS, you can use this third-party library a friend of mine created: https://www.npmjs.com/package/@thinkinglabs/aws-iam-policy
5 Views