/iam-ci-users

IAM user accounts for automation

Primary language: TypeScript. License: GNU General Public License v3.0 (GPL-3.0)

Prerequisites

Usage

Install Dependencies:

yarn install

or

npm install

Select Credentials:

Add the name of your local IAM profile to Pulumi.yaml (see Named Profiles):

    aws:profile:
      default: "myprofile"

Add Users:

  • First, add the usernames of the IAM users you want to create to the usernames file:

    usernames:
      - bob
      - jenkins
      - hudson
      - my-new-user

  • Now create an IAM policy in the policies file and append the policy to the exported policies array. I find that using the policy document interfaces tends to be more predictable when deploying Pulumi programs.

Note

  • The value of the Id field in the aws.iam.PolicyDocument object must be the same as the username of the user you want to attach it to, with hyphens (-) removed, for the user policy to be applied. For example, if I added the username jenkins-test-user to the usernames file, then the value of the Id field in the aws.iam.PolicyDocument I wanted applied to that user should be jenkinstestuser. Usernames without hyphens are unaffected.

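    import * as aws from '@pulumi/aws'

    // Policy documents exported for the stack; each one is matched to a user by its Id.
    export const policies: aws.iam.PolicyDocument[] = []

    // Example statement only: s3:* on every resource is broad.
    // Scope Action and Resource to what the automation user needs.
    const statement: aws.iam.PolicyStatement[] = [{
        Sid: 's3All',
        Action: [
            's3:*',
        ],
        Effect: 'Allow',
        Resource: '*'
    }]

    // Id is the username my-new-user with the hyphens removed.
    const policy: aws.iam.PolicyDocument = {
        Version: '2012-10-17',
        Id: 'mynewuser',
        Statement: statement
    }

    policies.push(policy)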
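
A pre-deploy check for the Id matching rule in the Note above, as an added example that is not part of this project's code: it flags usernames that collapse to the same Id, policies whose Id matches no username (and so would not be applied), and Allow statements that pair a wildcard action with every resource. The StatementLike and PolicyLike types, the function names, and the hyphen-stripping rule as written here are assumptions; the sample input is constructed from the page's usernames and policy plus two constructed mistakes.

```typescript
// Stand-ins for the aws.iam.PolicyDocument fields this page uses, so the
// check runs without @pulumi/aws installed (hypothetical names).
interface StatementLike { Sid?: string; Effect: string; Action: string | string[]; Resource: string | string[] }
interface PolicyLike { Version: string; Id?: string; Statement: StatementLike[] }
interface Finding { kind: 'collision' | 'unmatched-policy' | 'wildcard-allow'; subject: string }

// Assumption: the expected Id is the username with every hyphen removed.
function policyIdFor(username: string): string {
    return username.replace(/-/g, '')
}

function asList(v: string | string[]): string[] {
    return Array.isArray(v) ? v : [v]
}

function checkPolicies(usernames: string[], policies: PolicyLike[]): Finding[] {
    const findings: Finding[] = []
    const owners: Record<string, string[]> = Object.create(null)
    for (const name of usernames) {
        const id = policyIdFor(name)
        owners[id] = (owners[id] || []).concat(name)
    }
    // Usernames that differ only by hyphens map to one Id and would share a policy.
    for (const id of Object.keys(owners)) {
        if (owners[id].length > 1) findings.push({ kind: 'collision', subject: owners[id].join(',') })
    }
    for (const p of policies) {
        const id = p.Id || '(no Id)'
        // An Id that matches no username (e.g. hyphens left in) is never applied.
        if (!(id in owners)) findings.push({ kind: 'unmatched-policy', subject: id })
        for (const s of p.Statement) {
            const wildAction = asList(s.Action).some(a => a.slice(-1) === '*')
            const wildResource = asList(s.Resource).indexOf('*') !== -1
            // Allow + wildcard action + every resource: review against least privilege.
            if (s.Effect === 'Allow' && wildAction && wildResource) {
                findings.push({ kind: 'wildcard-allow', subject: id + '/' + (s.Sid || '?') })
            }
        }
    }
    return findings
}

// Constructed sample input: the page's usernames and policy, plus two constructed mistakes.
const sampleUsers = ['bob', 'jenkins', 'hudson', 'my-new-user', 'jenkins-test-user', 'jenkinstest-user']
const samplePolicies: PolicyLike[] = [
    { Version: '2012-10-17', Id: 'mynewuser', Statement: [{ Sid: 's3All', Effect: 'Allow', Action: ['s3:*'], Resource: '*' }] },
    { Version: '2012-10-17', Id: 'jenkins-test-user', Statement: [{ Sid: 'list', Effect: 'Allow', Action: 's3:ListBucket', Resource: 'arn:aws:s3:::example-bucket' }] },
]
console.log(checkPolicies(sampleUsers, samplePolicies))
```

Running a check like this before pulumi up surfaces a mistyped Id as a finding instead of as a user that silently ends up without its policy.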

Deploy

Create a new project and stack

pulumi new

Create the users

pulumi up