pulumi-aws-kotlin/com.pulumi.aws.glue.kotlin/ResourcePolicyArgs

ResourcePolicyArgs

data class ResourcePolicyArgs(val enableHybrid: Output<String>? = null, val policy: Output<String>? = null) : ConvertibleToJava<ResourcePolicyArgs>

Provides a Glue resource policy. Only one can exist per region.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const currentGetPartition = aws.getPartition({});
const currentGetRegion = aws.getRegion({});
const glue_example_policy = Promise.all([currentGetPartition, currentGetRegion, current])&#46;then(([currentGetPartition, currentGetRegion, current]) => aws.iam.getPolicyDocument({
    statements: [{
        actions: ["glue:CreateTable"],
        resources: [`arn:${currentGetPartition&#46;partition}:glue:${currentGetRegion&#46;name}:${current&#46;accountId}:*`],
        principals: [{
            identifiers: ["*"],
            type: "AWS",
        }],
    }],
}));
const example = new aws.glue.ResourcePolicy("example", {policy: glue_example_policy.then(glue_example_policy => glue_example_policy.json)});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
current = aws.get_caller_identity()
current_get_partition = aws.get_partition()
current_get_region = aws.get_region()
glue_example_policy = aws.iam.get_policy_document(statements=[{
    "actions": ["glue:CreateTable"],
    "resources": [f"arn:{current_get_partition&#46;partition}:glue:{current_get_region&#46;name}:{current&#46;account_id}:*"],
    "principals": [{
        "identifiers": ["*"],
        "type": "AWS",
    }],
}])
example = aws.glue.ResourcePolicy("example", policy=glue_example_policy.json)
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var current = Aws.GetCallerIdentity.Invoke();
    var currentGetPartition = Aws.GetPartition.Invoke();
    var currentGetRegion = Aws.GetRegion.Invoke();
    var glue_example_policy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "glue:CreateTable",
                },
                Resources = new[]
                {
                    $"arn:{currentGetPartition.Apply(getPartitionResult => getPartitionResult.Partition)}:glue:{currentGetRegion.Apply(getRegionResult => getRegionResult.Name)}:{current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:*",
                },
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Identifiers = new[]
                        {
                            "*",
                        },
                        Type = "AWS",
                    },
                },
            },
        },
    });
    var example = new Aws.Glue.ResourcePolicy("example", new()
    {
        Policy = glue_example_policy.Apply(glue_example_policy => glue_example_policy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json)),
    });
});
Content copied to clipboard
package main
import (
	"fmt"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
		if err != nil {
			return err
		}
		currentGetPartition, err := aws.GetPartition(ctx, &aws.GetPartitionArgs{}, nil)
		if err != nil {
			return err
		}
		currentGetRegion, err := aws.GetRegion(ctx, &aws.GetRegionArgs{}, nil)
		if err != nil {
			return err
		}
		glue_example_policy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Actions: []string{
						"glue:CreateTable",
					},
					Resources: []string{
						fmt.Sprintf("arn:%v:glue:%v:%v:*", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),
					},
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Identifiers: []string{
								"*",
							},
							Type: "AWS",
						},
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = glue.NewResourcePolicy(ctx, "example", &glue.ResourcePolicyArgs{
			Policy: pulumi.String(glue_example_policy.Json),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.inputs.GetPartitionArgs;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.glue.ResourcePolicy;
import com.pulumi.aws.glue.ResourcePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
            .build());
        final var currentGetPartition = AwsFunctions.getPartition(GetPartitionArgs.builder()
            .build());
        final var currentGetRegion = AwsFunctions.getRegion(GetRegionArgs.builder()
            .build());
        final var glue-example-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("glue:CreateTable")
                .resources(String.format("arn:%s:glue:%s:%s:*", currentGetPartition.partition(),currentGetRegion.name(),current.accountId()))
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("*")
                    .type("AWS")
                    .build())
                .build())
            .build());
        var example = new ResourcePolicy("example", ResourcePolicyArgs.builder()
            .policy(glue_example_policy.json())
            .build());
    }
}
Content copied to clipboard
resources:
  example:
    type: aws:glue:ResourcePolicy
    properties:
      policy: ${["glue-example-policy"].json}
variables:
  current:
    fn::invoke:
      function: aws:getCallerIdentity
      arguments: {}
  currentGetPartition:
    fn::invoke:
      function: aws:getPartition
      arguments: {}
  currentGetRegion:
    fn::invoke:
      function: aws:getRegion
      arguments: {}
  glue-example-policy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - actions:
              - glue:CreateTable
            resources:
              - arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*
            principals:
              - identifiers:
                  - '*'
                type: AWS
Content copied to clipboard

Import

Using pulumi import, import Glue Resource Policy using the account ID. For example:

$ pulumi import aws:glue/resourcePolicy:ResourcePolicy Test 12356789012
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(enableHybrid: Output<String>? = null, policy: Output<String>? = null)

Properties

Link copied to clipboard
val enableHybrid: Output<String>? = null

Indicates that you are using both methods to grant cross-account. Valid values are TRUE and FALSE. Note the provider will not perform drift detetction on this field as its not return on read.

Link copied to clipboard
val policy: Output<String>? = null

The policy to be applied to the aws glue data catalog.

Functions

Link copied to clipboard
open override fun toJava(): ResourcePolicyArgs