Create IAM policies using dhall.
These dhall files were tested using dhall-to-json version 1.6.1 though I
expect them to be compatible with other versions of the tool.
See the examples for usage examples.
With all the nitty-gritty little services in AWS and their interdependence, creating IAM policies correctly (and maintaining them) can become quite daunting. This gets increasingly difficult in highly sensitive areas, e.g. healthcare, national defense, etc... where components are generally expected to abide by the principle of least privilege.
But these are not the only challenges provided by IAM policies
- many policy errors don't surface until the policy is actually created (or, heaven forbid, during run-time) and JSON doesn't help to illuminate some of the easier-to-detect configuration errors
- JSON is inherently schema-less though IAM policies actually have a schema, albeit a simple one
- JSON doesn't compose or express dependencies without bolting on another programming language or nesting a wacky, unnatural DSL (again requiring another language for interpretation)
I believe that dhall speaks to each of these issues.