cnunciato/index.ts Secret

## index.ts
const cleanupHandlerPolicy = new aws.iam.Policy("cleanup-handler-policy", {
    policy: {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: [
                    "ec2:DescribeInstances",
                ],
                Resource: [
                    "*",
                ],
            },
            {
                Effect: "Allow",
                Action: [
                    "ec2:TerminateInstances",
                ],
                Resource: [
                    args.subnet.arn,
                    pulumi.interpolate `arn:aws:ec2:${awsRegion}::image/${imageID}`,
                    pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:network-interface/*`,
                    pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:instance/*`,
                    pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:volume/*`,
                    pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:key-pair/*`,
                    pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:security-group/*`,
                ],
            },
        ],
    },
    tags,
});
	const cleanupHandlerPolicy = new aws.iam.Policy("cleanup-handler-policy", {
	policy: {
	Version: "2012-10-17",
	Statement: [
	{
	Effect: "Allow",
	Action: [
	"ec2:DescribeInstances",
	],
	Resource: [
	"*",
	],
	},
	{
	Effect: "Allow",
	Action: [
	"ec2:TerminateInstances",
	],
	Resource: [
	args.subnet.arn,
	pulumi.interpolate `arn:aws:ec2:${awsRegion}::image/${imageID}`,
	pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:network-interface/*`,
	pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:instance/*`,
	pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:volume/*`,
	pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:key-pair/*`,
	pulumi.interpolate `arn:aws:ec2:${awsRegion}:${awsAccountID}:security-group/*`,
	],
	},
	],
	},
	tags,
	});