aws-iam.GroupWithPolicies
Explore with Pulumi AI
This resources allows you to create an IAM group with specified IAM policies, and then add specified users into your created group.
Example Usage
using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;
class MyStack : Stack
{
public MyStack()
{
var groupWithPolicies = new GroupWithPolicies("group-with-policies", new GroupWithPoliciesArgs
{
Name = "superadmins",
GroupUsers = {"user1", "user2"},
AttachIamSelfManagementPolicy = true,
CustomGroupPolicyArns = {"arn:aws:iam::aws:policy/AdministratorAccess"},
CustomGroupPolicies = new InputList<ImmutableDictionary<string, string>>
{
ImmutableDictionary.Create<string, string>()
.Add("name", "AllowS3Listing")
.Add("policy", "{}"),
},
});
this.GroupWithPolicies = Output.Create<GroupWithPolicies>(groupWithPolicies);
}
[Output]
public Output<GroupWithPolicies> GroupWithPolicies { get; set; }
}
package main
import (
iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
groupWithPolicies, err := iam.NewGroupWithPolicies(ctx, "group-with-policies", &iam.GroupWithPoliciesArgs{
Name: pulumi.String("superadmins"),
GroupUsers: pulumi.ToStringArray([]string{"user1", "user2"}),
AttachIamSelfManagementPolicy: pulumi.BoolPtr(true),
CustomGroupPolicyArns: pulumi.ToStringArray([]string{"arn:aws:iam::aws:policy/AdministratorAccess"}),
CustomGroupPolicies: pulumi.ToStringMapArray([]map[string]string{
{
"name": "AllowS3Listing",
"policy": "{}",
},
}),
})
if err != nil {
return err
}
ctx.Export("groupWithPolicies", groupWithPolicies)
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_iam as iam
group_with_policies = iam.GroupWithPolicies(
'group_with_policies',
name='superadmins',
group_users=['user1','user2'],
attach_iam_self_management_policy=True,
custom_group_policy_arns=['arn:aws:iam::aws:policy/AdministratorAccess'],
custom_group_policies=[{
'name': 'AllowS3Listing',
'policy': '{}',
}],
)
pulumi.export('group_with_policies', group_with_policies)
import * as iam from "@pulumi/aws-iam";
export const groupWithPolicies = new iam.GroupWithPolicies("aws-iam-example-group-with-policies", {
name: "superadmins",
groupUsers: [ "user1", "user2" ],
attachIamSelfManagementPolicy: true,
customGroupPolicyArns: [ "arn:aws:iam::aws:policy/AdministratorAccess" ],
customGroupPolicies: [{
"name": "AllowS3Listing",
"policy": "{}",
}],
});
name: awsiam-yaml
runtime: yaml
resources:
groupWithPolicies:
type: "aws-iam:index:GroupWithPolicies"
properties:
name: "superadmins"
groupUsers:
- "user1"
- "user2"
attachIamSelfManagementPolicy: true
customGroupPolicyArns:
- "arn:aws:iam::aws:policy/AdministratorAccess"
customGroupPolicies:
- name: "AllowS3Listing"
policy: "{}"
outputs:
groupWithPolicies: ${groupWithPolicies}
Create GroupWithPolicies Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GroupWithPolicies(name: string, args: GroupWithPoliciesArgs, opts?: ComponentResourceOptions);
@overload
def GroupWithPolicies(resource_name: str,
args: GroupWithPoliciesArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GroupWithPolicies(resource_name: str,
opts: Optional[ResourceOptions] = None,
group_users: Optional[Sequence[str]] = None,
name: Optional[str] = None,
attach_iam_self_management_policy: Optional[bool] = None,
aws_account_id: Optional[str] = None,
custom_group_policies: Optional[Sequence[Mapping[str, str]]] = None,
custom_group_policy_arns: Optional[Sequence[str]] = None,
iam_self_management_policy_name_prefix: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewGroupWithPolicies(ctx *Context, name string, args GroupWithPoliciesArgs, opts ...ResourceOption) (*GroupWithPolicies, error)
public GroupWithPolicies(string name, GroupWithPoliciesArgs args, ComponentResourceOptions? opts = null)
public GroupWithPolicies(String name, GroupWithPoliciesArgs args)
public GroupWithPolicies(String name, GroupWithPoliciesArgs args, ComponentResourceOptions options)
type: aws-iam:GroupWithPolicies
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GroupWithPoliciesArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GroupWithPoliciesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GroupWithPoliciesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GroupWithPoliciesArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GroupWithPoliciesArgs
- The arguments to resource properties.
- options ComponentResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var groupWithPoliciesResource = new AwsIam.GroupWithPolicies("groupWithPoliciesResource", new()
{
GroupUsers = new[]
{
"string",
},
Name = "string",
AttachIamSelfManagementPolicy = false,
AwsAccountId = "string",
CustomGroupPolicies = new[]
{
{
{ "string", "string" },
},
},
CustomGroupPolicyArns = new[]
{
"string",
},
IamSelfManagementPolicyNamePrefix = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := awsiam.NewGroupWithPolicies(ctx, "groupWithPoliciesResource", &awsiam.GroupWithPoliciesArgs{
GroupUsers: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
AttachIamSelfManagementPolicy: pulumi.Bool(false),
AwsAccountId: pulumi.String("string"),
CustomGroupPolicies: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
CustomGroupPolicyArns: pulumi.StringArray{
pulumi.String("string"),
},
IamSelfManagementPolicyNamePrefix: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var groupWithPoliciesResource = new GroupWithPolicies("groupWithPoliciesResource", GroupWithPoliciesArgs.builder()
.groupUsers("string")
.name("string")
.attachIamSelfManagementPolicy(false)
.awsAccountId("string")
.customGroupPolicies(Map.of("string", "string"))
.customGroupPolicyArns("string")
.iamSelfManagementPolicyNamePrefix("string")
.tags(Map.of("string", "string"))
.build());
group_with_policies_resource = aws_iam.GroupWithPolicies("groupWithPoliciesResource",
group_users=["string"],
name="string",
attach_iam_self_management_policy=False,
aws_account_id="string",
custom_group_policies=[{
"string": "string",
}],
custom_group_policy_arns=["string"],
iam_self_management_policy_name_prefix="string",
tags={
"string": "string",
})
const groupWithPoliciesResource = new aws_iam.GroupWithPolicies("groupWithPoliciesResource", {
groupUsers: ["string"],
name: "string",
attachIamSelfManagementPolicy: false,
awsAccountId: "string",
customGroupPolicies: [{
string: "string",
}],
customGroupPolicyArns: ["string"],
iamSelfManagementPolicyNamePrefix: "string",
tags: {
string: "string",
},
});
type: aws-iam:GroupWithPolicies
properties:
attachIamSelfManagementPolicy: false
awsAccountId: string
customGroupPolicies:
- string: string
customGroupPolicyArns:
- string
groupUsers:
- string
iamSelfManagementPolicyNamePrefix: string
name: string
tags:
string: string
GroupWithPolicies Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GroupWithPolicies resource accepts the following input properties:
- Group
Users List<string> - List of IAM users to have in an IAM group which can assume the role.
- Name string
- Name of IAM group.
- Attach
Iam boolSelf Management Policy - Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
- Aws
Account stringId - AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
- Custom
Group List<ImmutablePolicies Dictionary<string, string>> - List of maps of inline IAM policies to attach to IAM group. Should have
name
andpolicy
keys in each element. - Custom
Group List<string>Policy Arns - List of IAM policies ARNs to attach to IAM group.
- Iam
Self stringManagement Policy Name Prefix - Name prefix for IAM policy to create with IAM self-management permissions.
- Dictionary<string, string>
- A map of tags to add.
- Group
Users []string - List of IAM users to have in an IAM group which can assume the role.
- Name string
- Name of IAM group.
- Attach
Iam boolSelf Management Policy - Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
- Aws
Account stringId - AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
- Custom
Group []map[string]stringPolicies - List of maps of inline IAM policies to attach to IAM group. Should have
name
andpolicy
keys in each element. - Custom
Group []stringPolicy Arns - List of IAM policies ARNs to attach to IAM group.
- Iam
Self stringManagement Policy Name Prefix - Name prefix for IAM policy to create with IAM self-management permissions.
- map[string]string
- A map of tags to add.
- group
Users List<String> - List of IAM users to have in an IAM group which can assume the role.
- name String
- Name of IAM group.
- attach
Iam BooleanSelf Management Policy - Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
- aws
Account StringId - AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
- custom
Group List<Map<String,String>>Policies - List of maps of inline IAM policies to attach to IAM group. Should have
name
andpolicy
keys in each element. - custom
Group List<String>Policy Arns - List of IAM policies ARNs to attach to IAM group.
- iam
Self StringManagement Policy Name Prefix - Name prefix for IAM policy to create with IAM self-management permissions.
- Map<String,String>
- A map of tags to add.
- group
Users string[] - List of IAM users to have in an IAM group which can assume the role.
- name string
- Name of IAM group.
- attach
Iam booleanSelf Management Policy - Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
- aws
Account stringId - AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
- custom
Group {[key: string]: string}[]Policies - List of maps of inline IAM policies to attach to IAM group. Should have
name
andpolicy
keys in each element. - custom
Group string[]Policy Arns - List of IAM policies ARNs to attach to IAM group.
- iam
Self stringManagement Policy Name Prefix - Name prefix for IAM policy to create with IAM self-management permissions.
- {[key: string]: string}
- A map of tags to add.
- group_
users Sequence[str] - List of IAM users to have in an IAM group which can assume the role.
- name str
- Name of IAM group.
- attach_
iam_ boolself_ management_ policy - Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
- aws_
account_ strid - AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
- custom_
group_ Sequence[Mapping[str, str]]policies - List of maps of inline IAM policies to attach to IAM group. Should have
name
andpolicy
keys in each element. - custom_
group_ Sequence[str]policy_ arns - List of IAM policies ARNs to attach to IAM group.
- iam_
self_ strmanagement_ policy_ name_ prefix - Name prefix for IAM policy to create with IAM self-management permissions.
- Mapping[str, str]
- A map of tags to add.
- group
Users List<String> - List of IAM users to have in an IAM group which can assume the role.
- name String
- Name of IAM group.
- attach
Iam BooleanSelf Management Policy - Whether to attach IAM policy which allows IAM users to manage their credentials and MFA.
- aws
Account StringId - AWS account id to use inside IAM policies. If empty, current AWS account ID will be used.
- custom
Group List<Map<String>>Policies - List of maps of inline IAM policies to attach to IAM group. Should have
name
andpolicy
keys in each element. - custom
Group List<String>Policy Arns - List of IAM policies ARNs to attach to IAM group.
- iam
Self StringManagement Policy Name Prefix - Name prefix for IAM policy to create with IAM self-management permissions.
- Map<String>
- A map of tags to add.
Outputs
All input properties are implicitly available as output properties. Additionally, the GroupWithPolicies resource produces the following output properties:
- group_
arn str - IAM group arn.
- group_
name str - IAM group name.
Package Details
- Repository
- aws-iam
- License