RolePolicyAttachmentArgs

data class RolePolicyAttachmentArgs(val policyArn: Output<String>? = null, val role: Output<String>? = null) : ConvertibleToJava<RolePolicyAttachmentArgs>

Attaches a Managed IAM Policy to an IAM role

NOTE: The usage of this resource conflicts with the aws.iam.PolicyAttachment resource and will permanently show a difference if both are defined.

NOTE: For a given role, this resource is incompatible with using the aws.iam.Role resource managed_policy_arns argument. When using that argument and this resource, both will attempt to manage the role's managed policy attachments and the provider will show a permanent difference.

Example Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Trust policy: only the EC2 service may assume the role.
        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("ec2.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());

        var role = new Role("role", RoleArgs.builder()
            .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());

        // Permissions policy: read-only ec2:Describe* actions on all resources.
        final var policyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions("ec2:Describe*")
                .resources("*")
                .build())
            .build());

        var policyPolicy = new Policy("policyPolicy", PolicyArgs.builder()
            .description("A test policy")
            .policy(policyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());

        // Attach the managed policy to the role by role name and policy ARN.
        var testAttach = new RolePolicyAttachment("test-attach", RolePolicyAttachmentArgs.builder()
            .role(role.name())
            .policyArn(policyPolicy.arn())
            .build());
    }
}
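
The two NOTEs above describe configurations in which more than one resource manages the same role's managed policy attachments. The following check is an added example (not part of the provider or its documentation) that scans the JSON produced by `pulumi stack export` for roles that combine RolePolicyAttachment with either conflicting mechanism. Assumptions: resources are listed under `deployment.resources` with `type`, `inputs` and `outputs`; the role argument appears as the `managedPolicyArns` input; the sample export and the role names in it are constructed.

```python
# Added example: not part of the Pulumi AWS provider or its documentation.
ATTACHMENT = "aws:iam/rolePolicyAttachment:RolePolicyAttachment"  # token from the import command
POLICY_ATTACHMENT = "aws:iam/policyAttachment:PolicyAttachment"
ROLE = "aws:iam/role:Role"

def find_conflicts(export):
    """Return sorted (role_name, reason) pairs for roles that use
    RolePolicyAttachment together with a conflicting mechanism."""
    attached, via_policy_attachment, via_role_arg = set(), set(), set()
    # Assumption: resources sit under deployment.resources, each with type/inputs/outputs.
    for res in export.get("deployment", {}).get("resources", []):
        inputs = res.get("inputs") or {}
        rtype = res.get("type")
        if rtype == ATTACHMENT and inputs.get("role"):
            attached.add(inputs["role"])
        elif rtype == POLICY_ATTACHMENT:
            via_policy_attachment.update(inputs.get("roles") or [])
        elif rtype == ROLE and inputs.get("managedPolicyArns") is not None:
            # Assumption: the role's physical name is in outputs.name.
            name = (res.get("outputs") or {}).get("name") or inputs.get("name")
            if name:
                via_role_arg.add(name)
    findings = []
    for role in attached:
        if role in via_policy_attachment:
            findings.append((role, "also listed in aws.iam.PolicyAttachment"))
        if role in via_role_arg:
            findings.append((role, "aws.iam.Role sets managed_policy_arns"))
    return sorted(findings)

# Constructed sample export (placeholder account id, not real data).
ARN = "arn:aws:iam::xxxxxxxxxxxx:policy/test-policy"
def _res(rtype, inputs, outputs=None):
    return {"type": rtype, "inputs": inputs, "outputs": outputs or {}}
SAMPLE_EXPORT = {"deployment": {"resources": [
    _res(ROLE, {"managedPolicyArns": [ARN]}, {"name": "app-role"}),
    _res(ATTACHMENT, {"role": "app-role", "policyArn": ARN}),
    _res(POLICY_ATTACHMENT, {"roles": ["batch-role"], "policyArn": ARN}),
    _res(ATTACHMENT, {"role": "batch-role", "policyArn": ARN}),
    _res(ROLE, {}, {"name": "ok-role"}),
    _res(ATTACHMENT, {"role": "ok-role", "policyArn": ARN}),
]}}

if __name__ == "__main__":
    for role, reason in find_conflicts(SAMPLE_EXPORT):
        print(f"{role}: {reason}")
```

A role flagged here should keep exactly one of the mechanisms, so that the set of policies attached to it is defined in a single place and can be reviewed there.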

Import

IAM role policy attachments can be imported using the role name and policy ARN separated by a slash (/).

$ pulumi import aws:iam/rolePolicyAttachment:RolePolicyAttachment test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy

Constructors

constructor(policyArn: Output<String>? = null, role: Output<String>? = null)

Properties

val policyArn: Output<String>? = null

The ARN of the policy you want to apply

val role: Output<String>? = null

The name of the IAM role to which the policy should be applied

Functions

open override fun toJava(): RolePolicyAttachmentArgs