IAM user accounts for automation
Install Dependencies:
yarn install
or
npm install
Select Credentials:
Add the name of your local IAM profile to Pulumi.yaml. See Named Profiles
aws:profile:
  default: "myprofile"
Add Users:
- First, add the usernames of the IAM users you want to create to the usernames file:
usernames:
- bob
- jenkins
- hudson
- my-new-user
- Now create an IAM policy in the policies file and append the policy to the exported policies array. I find that using the policy document interfaces tends to be more predictable when deploying Pulumi programs.
Note
- The value of the Id field in the aws.iam.PolicyDocument object must be the same as the username of the user you want to attach it to (without hyphens (-)) for the user policy to be applied. For example, if I added the username jenkins-test-user to the usernames file, then the value of the Id field in the aws.iam.PolicyDocument I wanted applied to that user should be jenkinstestuser. Usernames without hyphens are unaffected.
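import * as aws from '@pulumi/aws'

// Every policy document pushed onto this array is exported for deployment.
export const policies: aws.iam.PolicyDocument[] = []

// This example statement allows every S3 action on every resource.
// Narrow Action and Resource to what the automation user actually needs.
const statement: aws.iam.PolicyStatement[] = [{
  Sid: 's3All',
  Action: [
    "s3:*",
  ],
  Effect: 'Allow',
  Resource: '*'
}]

// Id is the target username with hyphens removed (my-new-user -> mynewuser).
const policy: aws.iam.PolicyDocument = {
  Version: '2012-10-17',
  Id: 'mynewuser',
  Statement: statement
}

policies.push(policy)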
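The Id rule in the note above is easy to get wrong silently, so here is a pre-deploy check, added as an example and not part of this project's code. The names policyIdFor and lintPolicies, the local interfaces standing in for the aws.iam types, and the sample data are hypothetical; it assumes policies are matched to users by exact Id equality and treats two usernames that map to the same Id as ambiguous.

```typescript
// Added example: local stand-ins for the aws.iam.PolicyDocument fields used on this page.
interface PolicyStatement { Sid?: string; Effect: string; Action: string | string[]; Resource: string | string[] }
interface PolicyDoc { Version: string; Id?: string; Statement: PolicyStatement[] }

// Rule from the note above: the policy Id is the username with hyphens removed.
function policyIdFor(username: string): string {
  return username.replace(/-/g, '');
}

function asList(v: string | string[]): string[] {
  return Array.isArray(v) ? v : [v];
}

// Returns human-readable findings; an empty array means the check passed.
function lintPolicies(usernames: string[], policies: PolicyDoc[]): string[] {
  const findings: string[] = [];
  const owners: Record<string, string> = Object.create(null); // policy Id -> username
  for (const name of usernames) {
    const id = policyIdFor(name);
    const other: string | undefined = owners[id];
    if (other !== undefined) findings.push(`collision: ${other} and ${name} both map to Id ${id}`);
    owners[id] = name;
    if (!policies.some(p => p.Id === id)) findings.push(`no-policy: ${name} (expected Id ${id})`);
  }
  for (const p of policies) {
    const id = p.Id ?? '';
    if (!(id in owners)) findings.push(`orphan-policy: Id ${id || '<missing>'} matches no username`);
    for (const s of p.Statement) {
      const wildAction = asList(s.Action).some(a => /(^|:)\*$/.test(a)); // "*" or "service:*"
      const wildResource = asList(s.Resource).some(r => r === '*');
      if (s.Effect === 'Allow' && wildAction && wildResource)
        findings.push(`broad-allow: Id ${id || '<missing>'} statement ${s.Sid ?? '?'}`);
    }
  }
  return findings;
}

// Constructed sample input mirroring the files shown on this page.
const sampleUsers = ['bob', 'jenkins', 'my-new-user'];
const samplePolicies: PolicyDoc[] = [
  { Version: '2012-10-17', Id: 'mynewuser',
    Statement: [{ Sid: 's3All', Effect: 'Allow', Action: ['s3:*'], Resource: '*' }] },
  { Version: '2012-10-17', Id: 'jenkins-test-user', // hyphens kept by mistake
    Statement: [{ Sid: 'listOnly', Effect: 'Allow', Action: 's3:ListBucket', Resource: 'arn:aws:s3:::example-bucket' }] },
];
console.log(lintPolicies(sampleUsers, samplePolicies).join('\n'));
```

Run it against the real usernames and policies before pulumi up; any finding means a user would be created with no policy, a policy would attach to nobody, or an Allow statement is wider than an automation account usually needs.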
Deploy
Create a new project and stack
pulumi new
Create the users
pulumi up