(iam): how to create combined managed policy?
Is there a way to create a combined policy using CDK?
Use Case
I’m trying to import (AWS or customer) managed policies into a new managed policy. I couldn’t find any info regarding how to do this.
This is needed to cope with size limitations (e.g. number of policies in a group).
Other
As a workaround I did this:
const myManagedPolicy = ...;
const myCombinedPolicy = new iam.ManagedPolicy(this, "MyCombinedPolicy", {
  statements: myManagedPolicy.document.toJSON().Statement.map((s: any) => iam.PolicyStatement.fromJson(s))
});
This works fine, but has two limitations:
- I can’t assign any SID to the statements.
- It won’t work with AWS managed policy (since they’re of type iam.IManagedPolicy)
Issue Analytics
- State:
- Created 3 years ago
- Comments: 5 (3 by maintainers)
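The merge step from the workaround above, as an added example (not code from the issue or from the CDK project): it works on plain policy-document JSON, gives every statement a unique Sid, drops exact duplicates and enforces the 6,144-character managed policy quota. It assumes the source documents are already available as JSON (for an AWS managed policy, a copy exported beforehand); `combinePolicyDocuments` and the sample documents are hypothetical.

```typescript
// Added example: operates on plain policy-document JSON, no CDK import needed.
type Statement = { Sid?: string; Effect: string; [key: string]: unknown };
type PolicyDoc = { Version?: string; Statement: Statement | Statement[] };

// IAM quota for one managed policy: 6,144 characters, whitespace not counted.
const MANAGED_POLICY_MAX_CHARS = 6144;

function combinePolicyDocuments(sources: Record<string, PolicyDoc>): PolicyDoc {
  const seen: Record<string, boolean> = {};     // statement bodies already merged
  const usedSids: Record<string, boolean> = {}; // Sids must be unique per policy
  const merged: Statement[] = [];
  for (const name of Object.keys(sources)) {
    const raw = sources[name].Statement;
    // "Statement" may be a single object instead of an array.
    const statements = Array.isArray(raw) ? raw : [raw];
    // Sids may contain only A-Z, a-z and 0-9, so strip everything else.
    const prefix = name.replace(/[^A-Za-z0-9]/g, "") || "Stmt";
    for (const stmt of statements) {
      const body = JSON.stringify({ ...stmt, Sid: undefined });
      if (seen[body]) continue; // drop exact duplicates to save space
      seen[body] = true;
      let n = 0;
      while (usedSids[prefix + n]) n++;
      usedSids[prefix + n] = true;
      merged.push({ ...stmt, Sid: prefix + n });
    }
  }
  const combined: PolicyDoc = { Version: "2012-10-17", Statement: merged };
  const size = JSON.stringify(combined).replace(/\s/g, "").length;
  if (size > MANAGED_POLICY_MAX_CHARS) {
    throw new Error("combined policy is " + size + " chars, limit is " + MANAGED_POLICY_MAX_CHARS);
  }
  return combined;
}

// Constructed sample documents (not real AWS managed policies).
const SAMPLE_SOURCES: Record<string, PolicyDoc> = {
  "read-logs": { Statement: { Effect: "Allow", Action: "logs:GetLogEvents", Resource: "*" } },
  "s3-access": { Statement: [
    { Sid: "Old", Effect: "Allow", Action: ["s3:GetObject"], Resource: "arn:aws:s3:::example-bucket/*" },
    { Effect: "Deny", Action: "s3:DeleteObject", Resource: "*" },
  ] },
  "readlogs": { Statement: [{ Effect: "Allow", Action: "logs:GetLogEvents", Resource: "*" }] },
};
const combinedSample = combinePolicyDocuments(SAMPLE_SOURCES);
```

Each resulting statement can be passed to iam.PolicyStatement.fromJson as in the workaround. A copied AWS managed policy is a snapshot and does not pick up later changes AWS makes to the original.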
There is a history of adding lookup functions to contexts: https://docs.aws.amazon.com/cdk/latest/guide/context.html#context_methods . Maybe managed policy lookups can be added to the list?