
@micahmelling
Last active July 5, 2021 04:40
import pulumi_aws as aws
def main():
    """
    Provision three reusable IAM service roles, each with one AWS-managed policy.

    Roles created (the physical IAM names are pinned through ``name=``):
    - ecsInstanceRole: assumable by ec2.amazonaws.com, for running ECS services
    - ecsTaskExecution: assumable by ecs-tasks.amazonaws.com, for running ECS tasks
    - awsBatchServiceRole: assumable by batch.amazonaws.com, for running Batch environments

    Each trust policy allows ``sts:AssumeRole`` for a single service principal
    and carries no ``Condition`` block.
    """
    # Trust policies are kept as literal JSON documents; their text is passed
    # to IAM unchanged, so the content lines are left unindented on purpose.
    ec2_trust_policy = """{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
]
}
"""
    # NOTE: this document declares the older 2008-10-17 policy version, unlike
    # the other two trust policies in this function.
    # NOTE(review): AWS documents the aws:SourceAccount / aws:SourceArn
    # condition keys as confused-deputy protection for service principals;
    # neither is set on this policy or on the Batch one — confirm that is intended.
    ecs_tasks_trust_policy = """{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
"""
    batch_trust_policy = """{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "batch.amazonaws.com"
}
}
]
}
"""

    # --- ECS container-instance role (assumed by EC2) ---
    # No instance profile is created in this function; EC2 instances need one
    # (aws.iam.InstanceProfile) wrapping this role before they can use it.
    instance_role = aws.iam.Role(
        "ecsInstanceRole",
        name="ecsInstanceRole",
        assume_role_policy=ec2_trust_policy,
    )
    # NOTE(review): per AWS documentation, containers on an instance can reach
    # the instance role's credentials through instance metadata unless that
    # access is blocked — confirm how the cluster is configured.
    instance_role_attachment = aws.iam.RolePolicyAttachment(
        "ecsInstanceRolePolicyAttachment",
        role=instance_role.name,
        policy_arn="arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
    )

    # --- ECS task execution role (assumed by the ECS tasks service) ---
    task_execution_role = aws.iam.Role(
        "ecsTaskExecution",
        name="ecsTaskExecution",
        assume_role_policy=ecs_tasks_trust_policy,
    )
    # The attachment reuses the role's logical name "ecsTaskExecution"; it is a
    # different resource type, and the name is kept exactly as in the original.
    task_execution_attachment = aws.iam.RolePolicyAttachment(
        "ecsTaskExecution",
        role=task_execution_role.name,
        policy_arn="arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
    )

    # --- AWS Batch service role (assumed by the Batch service) ---
    batch_role = aws.iam.Role(
        "awsBatchServiceRole",
        name="awsBatchServiceRole",
        assume_role_policy=batch_trust_policy,
    )
    batch_role_attachment = aws.iam.RolePolicyAttachment(
        "awsBatchServiceRolePolicyAttachment",
        role=batch_role.name,
        policy_arn="arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole",
    )