Using Pulumi and GoLang
package main | |
import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
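// main is the Pulumi program entry point. Within one AWS account it provisions:
//
//   - a managed IAM policy granting s3:GetObject / s3:PutObject on every
//     object under bucketARN, and
//   - one IAM role per entry in tenants, each trusting the root principal of
//     trustedAccountID and each attached to that same managed policy.
//
// Any provider error is wrapped with the resource (and tenant) being created
// and returned to pulumi.Run, which fails the deployment.
func main() {
	const (
		// Account whose root principal is allowed to assume every tenant role
		// (value carried over from the original program).
		trustedAccountID = "123456789012"
		bucketARN        = "arn:aws:s3:::my-bucket"
	)

	// Trust policy shared by all tenant roles. It does not depend on the
	// tenant, so it is built once here instead of once per loop iteration.
	// NOTE(review): trusting "<account>:root" means any IAM principal in that
	// account which itself holds sts:AssumeRole can assume any tenant role;
	// confirm that this is the intended trust boundary rather than a specific
	// per-tenant principal.
	assumeRolePolicy := pulumi.String(`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "AWS": "arn:aws:iam::` + trustedAccountID + `:root"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}`)

	pulumi.Run(func(ctx *pulumi.Context) error {
		// Policy document granting object read/write on the whole bucket.
		// NOTE(review): every tenant role is attached to this same document,
		// so tenants are not isolated from one another's objects; per-tenant
		// isolation would need per-tenant Resources (e.g. a tenant key prefix).
		bucketPolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect:    "Allow",
					Actions:   []string{"s3:GetObject", "s3:PutObject"},
					Resources: []string{bucketARN + "/*"},
				},
			},
		}, nil)
		if err != nil {
			return fmt.Errorf("building bucket policy document: %w", err)
		}

		// Managed policy carrying the document; shared by all tenant roles.
		bucketPolicyResource, err := iam.NewPolicy(ctx, "bucketPolicy", &iam.PolicyArgs{
			Policy: bucketPolicy.Json,
		})
		if err != nil {
			return fmt.Errorf("creating policy bucketPolicy: %w", err)
		}

		// One role per tenant, named "<tenant>Role", with the shared policy
		// attached via "<tenant>PolicyAttachment".
		tenants := []string{"tenant1", "tenant2", "tenant3"}
		for _, tenant := range tenants {
			tenantRole, err := iam.NewRole(ctx, tenant+"Role", &iam.RoleArgs{
				AssumeRolePolicy: assumeRolePolicy,
			})
			if err != nil {
				return fmt.Errorf("creating role for tenant %q: %w", tenant, err)
			}

			_, err = iam.NewRolePolicyAttachment(ctx, tenant+"PolicyAttachment", &iam.RolePolicyAttachmentArgs{
				Role:      tenantRole.Name,
				PolicyArn: bucketPolicyResource.Arn,
			})
			if err != nil {
				return fmt.Errorf("attaching policy to role for tenant %q: %w", tenant, err)
			}
		}
		return nil
	})
}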