
Class PolicyAttachment

Attaches a Managed IAM Policy to user(s), role(s), and/or group(s)

WARNING: The aws.iam.PolicyAttachment resource creates exclusive attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws.iam.PolicyAttachment resource. This means that any users/roles/groups that have the policy attached via any other mechanism (including other resources managed by this provider) will have that attachment revoked by this resource. Consider aws.iam.RolePolicyAttachment, aws.iam.UserPolicyAttachment, or aws.iam.GroupPolicyAttachment instead. These resources do not enforce exclusive attachment of an IAM policy.

NOTE: The usage of this resource conflicts with the aws.iam.GroupPolicyAttachment, aws.iam.RolePolicyAttachment, and aws.iam.UserPolicyAttachment resources and will permanently show a difference if both are defined.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // Principals the policy will be attached to.
        var user = new Aws.Iam.User("user", new Aws.Iam.UserArgs
        {
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Action"": ""sts:AssumeRole"",
  ""Principal"": {
    ""Service"": ""ec2.amazonaws.com""
  },
  ""Effect"": ""Allow"",
  ""Sid"": """"
}
]
}

",
        });
        var @group = new Aws.Iam.Group("group", new Aws.Iam.GroupArgs
        {
        });
        // The managed policy being attached.
        var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
        {
            Description = "A test policy",
            Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Action"": [
    ""ec2:Describe*""
  ],
  ""Effect"": ""Allow"",
  ""Resource"": ""*""
}
]
}

",
        });
        // Exclusive attachment: this single resource must declare every user,
        // role and group the policy is attached to across the AWS account.
        var test_attach = new Aws.Iam.PolicyAttachment("test-attach", new Aws.Iam.PolicyAttachmentArgs
        {
            Groups =
            {
                @group.Name,
            },
            PolicyArn = policy.Arn,
            Roles =
            {
                role.Name,
            },
            Users =
            {
                user.Name,
            },
        });
    }
}
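
The non-exclusive alternative that the warning recommends, as an added example (not part of the original documentation): each principal gets its own RolePolicyAttachment, UserPolicyAttachment or GroupPolicyAttachment, so the stack does not enforce exclusive attachment of the policy. The class and resource names are illustrative and mirror the example above.

```csharp
using Pulumi;
using Aws = Pulumi.Aws;

// Added example: class and resource names are illustrative.
class NonExclusiveAttachStack : Stack
{
    public NonExclusiveAttachStack()
    {
        var user = new Aws.Iam.User("user", new Aws.Iam.UserArgs());
        var @group = new Aws.Iam.Group("group", new Aws.Iam.GroupArgs());
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [{
    ""Action"": ""sts:AssumeRole"",
    ""Principal"": { ""Service"": ""ec2.amazonaws.com"" },
    ""Effect"": ""Allow""
  }]
}",
        });
        var policy = new Aws.Iam.Policy("policy", new Aws.Iam.PolicyArgs
        {
            Description = "A test policy",
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [{
    ""Action"": [""ec2:Describe*""],
    ""Effect"": ""Allow"",
    ""Resource"": ""*""
  }]
}",
        });

        // One attachment resource per principal. Each manages only its own
        // (principal, policy) pair and does not enforce exclusive attachment.
        var roleAttach = new Aws.Iam.RolePolicyAttachment("role-attach",
            new Aws.Iam.RolePolicyAttachmentArgs { Role = role.Name, PolicyArn = policy.Arn });
        var userAttach = new Aws.Iam.UserPolicyAttachment("user-attach",
            new Aws.Iam.UserPolicyAttachmentArgs { User = user.Name, PolicyArn = policy.Arn });
        var groupAttach = new Aws.Iam.GroupPolicyAttachment("group-attach",
            new Aws.Iam.GroupPolicyAttachmentArgs { Group = @group.Name, PolicyArn = policy.Arn });

        // Do not also declare an Aws.Iam.PolicyAttachment for this policy:
        // the two styles conflict and show a permanent difference.
    }
}
```
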
Inheritance
System.Object
Resource
CustomResource
PolicyAttachment
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Iam
Assembly: Pulumi.Aws.dll
Syntax
public class PolicyAttachment : CustomResource

Constructors


PolicyAttachment(String, PolicyAttachmentArgs, CustomResourceOptions)

Create a PolicyAttachment resource with the given unique name, arguments, and options.

Declaration
public PolicyAttachment(string name, PolicyAttachmentArgs args, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resource
PolicyAttachmentArgs | args | The arguments used to populate this resource's properties
CustomResourceOptions | options | A bag of options that control this resource's behavior

Properties


Groups

The group(s) the policy should be applied to

Declaration
public Output<ImmutableArray<string>> Groups { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

Name

The name of the attachment. This cannot be an empty string.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

PolicyArn

The ARN of the policy you want to apply

Declaration
public Output<string> PolicyArn { get; }
Property Value
Type Description
Output<System.String>

Roles

The role(s) the policy should be applied to

Declaration
public Output<ImmutableArray<string>> Roles { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

Users

The user(s) the policy should be applied to

Declaration
public Output<ImmutableArray<string>> Users { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

Methods


Get(String, Input<String>, PolicyAttachmentState, CustomResourceOptions)

Get an existing PolicyAttachment resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static PolicyAttachment Get(string name, Input<string> id, PolicyAttachmentState state = null, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resulting resource.
Input<System.String> | id | The unique provider ID of the resource to look up.
PolicyAttachmentState | state | Any extra arguments used during the lookup.
CustomResourceOptions | options | A bag of options that control this resource's behavior

Returns
Type Description
PolicyAttachment
Copyright 2016-2020, Pulumi Corporation.