PolicyArgs

data class PolicyArgs(val description: Output<String>? = null, val name: Output<String>? = null, val namePrefix: Output<String>? = null, val path: Output<String>? = null, val policy: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<PolicyArgs>

Provides an IAM policy.

NOTE: We suggest using explicit JSON encoding or aws.iam.getPolicyDocument when assigning a value to policy. Both build the policy document from structured configuration and serialize it to JSON for you, so the policy stays consistent with the rest of your configuration without the need for context switches. This also sidesteps complications arising from formatting discrepancies, whitespace inconsistencies, and other nuances of hand-written JSON.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Keep the policy document as a plain object so JSON.stringify emits
// well-formed JSON rather than a hand-assembled string.
const policyDocument = {
    Version: "2012-10-17",
    Statement: [
        {
            // Read-only EC2 describe calls. EC2 Describe actions generally do not
            // accept resource-level restrictions, which is why Resource is "*" here;
            // actions that do support resource ARNs should be scoped to them rather
            // than reusing the wildcard.
            Action: ["ec2:Describe*"],
            Effect: "Allow",
            Resource: "*",
        },
    ],
};

// IAM policy with a fixed name under the root path.
const policy = new aws.iam.Policy("policy", {
    name: "test_policy",
    path: "/",
    description: "My test policy",
    policy: JSON.stringify(policyDocument),
});
import pulumi
import json
import pulumi_aws as aws
# Describe the policy as a dict and let json.dumps serialize it, so the
# document is always valid JSON.
policy_document = {
    "Version": "2012-10-17",
    "Statement": [
        {
            # Read-only EC2 describe calls. EC2 Describe actions generally do not
            # accept resource-level restrictions, which is why Resource is "*"
            # here; actions that do support resource ARNs should be scoped to them
            # rather than reusing the wildcard.
            "Action": ["ec2:Describe*"],
            "Effect": "Allow",
            "Resource": "*",
        },
    ],
}

# IAM policy with a fixed name under the root path.
policy = aws.iam.Policy(
    "policy",
    name="test_policy",
    path="/",
    description="My test policy",
    policy=json.dumps(policy_document),
)
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Read-only EC2 describe calls. EC2 Describe actions generally do not
    // accept resource-level restrictions, which is why Resource is "*" here;
    // actions that do support resource ARNs should be scoped to them rather
    // than reusing the wildcard.
    var statement = new Dictionary<string, object?>
    {
        ["Action"] = new[] { "ec2:Describe*" },
        ["Effect"] = "Allow",
        ["Resource"] = "*",
    };

    // The document is kept as structured data and serialized once, below.
    var document = new Dictionary<string, object?>
    {
        ["Version"] = "2012-10-17",
        ["Statement"] = new[] { statement },
    };

    // IAM policy with a fixed name under the root path.
    var policy = new Aws.Iam.Policy("policy", new()
    {
        Name = "test_policy",
        Path = "/",
        Description = "My test policy",
        PolicyDocument = JsonSerializer.Serialize(document),
    });
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one IAM policy whose document is
// built as Go data and marshalled to JSON.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read-only EC2 describe calls. EC2 Describe actions generally do not
		// accept resource-level restrictions, which is why Resource is "*"
		// here; actions that do support resource ARNs should be scoped to
		// them rather than reusing the wildcard.
		statement := map[string]interface{}{
			"Action":   []string{"ec2:Describe*"},
			"Effect":   "Allow",
			"Resource": "*",
		}

		policyJSON, err := json.Marshal(map[string]interface{}{
			"Version":   "2012-10-17",
			"Statement": []map[string]interface{}{statement},
		})
		if err != nil {
			return err
		}

		// IAM policy with a fixed name under the root path.
		_, err = iam.NewPolicy(ctx, "policy", &iam.PolicyArgs{
			Name:        pulumi.String("test_policy"),
			Path:        pulumi.String("/"),
			Description: pulumi.String("My test policy"),
			Policy:      pulumi.String(string(policyJSON)),
		})
		// err is nil on success, so it can be returned directly.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a single IAM policy. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the IAM policy. The policy document is assembled with the
     * JSON helper functions and serialized once, so it is always valid JSON.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Read-only EC2 describe calls. EC2 Describe actions generally do not
        // accept resource-level restrictions, which is why Resource is "*"
        // here; actions that do support resource ARNs should be scoped to
        // them rather than reusing the wildcard.
        final var statement = jsonObject(
            jsonProperty("Action", jsonArray("ec2:Describe*")),
            jsonProperty("Effect", "Allow"),
            jsonProperty("Resource", "*")
        );
        final var document = jsonObject(
            jsonProperty("Version", "2012-10-17"),
            jsonProperty("Statement", jsonArray(statement))
        );

        // IAM policy with a fixed name under the root path.
        final var policyArgs = PolicyArgs.builder()
            .name("test_policy")
            .path("/")
            .description("My test policy")
            .policy(serializeJson(document))
            .build();

        var policy = new Policy("policy", policyArgs);
    }
}
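resources:
  policy:
    type: aws:iam:Policy
    properties:
      name: test_policy
      path: /
      description: My test policy
      policy:
        # fn::toJSON serializes the mapping below into the JSON string that
        # the policy property expects.
        fn::toJSON:
          # Quoted so that YAML parsers which resolve bare ISO dates to
          # timestamps still produce the literal string IAM expects.
          Version: '2012-10-17'
          Statement:
            # Read-only EC2 describe calls. EC2 Describe actions generally do
            # not accept resource-level restrictions, which is why Resource is
            # '*' here; actions that do support resource ARNs should be scoped
            # to them rather than reusing the wildcard.
            - Action:
                - ec2:Describe*
              Effect: Allow
              Resource: '*'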

Import

Use pulumi import to import IAM Policies by their ARN. For example:

$ pulumi import aws:iam/policy:Policy administrator arn:aws:iam::123456789012:policy/UsersManageOwnCredentials

Constructors

constructor(description: Output<String>? = null, name: Output<String>? = null, namePrefix: Output<String>? = null, path: Output<String>? = null, policy: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Properties

val description: Output<String>? = null

Description of the IAM policy.

val name: Output<String>? = null

Name of the policy. If omitted, the provider will assign a random, unique name.

val namePrefix: Output<String>? = null

Creates a unique name beginning with the specified prefix. Conflicts with name.

val path: Output<String>? = null

Path in which to create the policy. See IAM Identifiers for more information.

val policy: Output<String>? = null

Policy document. This is a JSON-formatted string. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide.

val tags: Output<Map<String, String>>? = null

Map of resource tags for the IAM Policy. If the provider is configured with a default_tags configuration block, tags set here with matching keys overwrite those defined at the provider level.

Functions

open override fun toJava(): PolicyArgs