No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Is there an API for generating IAM policies? e.g. I have a `aws.s3.Bucket` and I want to be able to call `PutObject` from a `aws.lambda.Function` - is there some kind of helper function where I can pass that in and get back a `aws.iam.Policy`?

Are you using typescript/javascript? There's a helper type, aws.iam.PolicyDocument, that essentially achieves this.

this is great, thanks :slightly_smiling_face: I was searching for “pulumi iam generator” and couldn’t find anything, but adding policy returns the `getPolicyDocument` helper. thanks again !

getPolicyDocument is good, but it's the older API. Simply creating a JS object with the aws.iam.PolicyDocument fields works a charm. You can assign it directly to most policy document fields.

Not quite all, unfortunately (policy documents existing all over the place), but all the most common uses, anyway.

Untitled.ts

<@U03CLBPHR0D> if you are using JS/TS, you can use this third-party library a friend of mine created: <https://www.npmjs.com/package/@thinkinglabs/aws-iam-policy>