
GroupPolicy

The GroupPolicy resource lets you manage AWS IAM GroupPolicies, the inline policies that control the permissions of an IAM group.

Create a basic IAM GroupPolicy with required properties.

import AWS from "alchemy/aws/control";

const basicGroupPolicy = await AWS.IAM.GroupPolicy("basicGroupPolicy", {
  GroupName: "Developers",
  PolicyName: "DeveloperAccess",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: ["s3:ListBucket", "s3:GetObject"],
        // s3:ListBucket is evaluated against the bucket ARN and s3:GetObject
        // against object ARNs, so both forms are listed.
        Resource: [
          "arn:aws:s3:::my-application-bucket",
          "arn:aws:s3:::my-application-bucket/*"
        ]
      }
    ]
  }
});

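Configure a GroupPolicy that grants every action on every resource. Each member of the group inherits full administrative access, so keep membership of such a group small.

import AWS from "alchemy/aws/control";

const advancedGroupPolicy = await AWS.IAM.GroupPolicy("advancedGroupPolicy", {
  GroupName: "Admins",
  PolicyName: "AdminFullAccess",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        // Unrestricted: all actions on all resources.
        Effect: "Allow",
        Action: "*",
        Resource: "*"
      }
    ]
  }
});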

Create a GroupPolicy that restricts access based on conditions.

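import AWS from "alchemy/aws/control";

const conditionGroupPolicy = await AWS.IAM.GroupPolicy("conditionGroupPolicy", {
  GroupName: "Finance",
  PolicyName: "FinanceReadAccess",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        // s3:prefix is only set on list requests, so the condition belongs on
        // s3:ListBucket (scoped to the bucket ARN), not on s3:GetObject.
        Effect: "Allow",
        Action: "s3:ListBucket",
        Resource: "arn:aws:s3:::financial-reports",
        Condition: {
          StringEquals: {
            "s3:prefix": "2023/"
          }
        }
      },
      {
        // Object reads are limited to the same prefix through the resource ARN.
        Effect: "Allow",
        Action: "s3:GetObject",
        Resource: "arn:aws:s3:::financial-reports/2023/*"
      }
    ]
  }
});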

Create a GroupPolicy that restricts access to specific IP addresses.

import AWS from "alchemy/aws/control";

const ipRestrictedGroupPolicy = await AWS.IAM.GroupPolicy("ipRestrictedGroupPolicy", {
  GroupName: "NetworkAdmins",
  PolicyName: "NetworkAdminAccess",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "ec2:*",
        Resource: "*",
        // aws:SourceIp is the caller's public IP address; it is not present
        // on requests that arrive through a VPC endpoint.
        Condition: {
          IpAddress: {
            "aws:SourceIp": "203.0.113.0/24"
          }
        }
      }
    ]
  }
});
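
A policy document can be linted before it is passed to AWS.IAM.GroupPolicy. The following is an added example, not part of alchemy or of the original page: it checks Allow statements for three mistakes that matter for the kinds of statements shown above (an unconditioned wildcard action on all resources, a bucket-level S3 action paired only with object ARNs, and an s3:prefix condition on an action that never carries that key). The names lintPolicy, BUCKET_LEVEL and PREFIX_AWARE, the action subsets and the sample document are assumptions made for the illustration.

```typescript
// Added example: pre-deployment lint for IAM policy documents; not part of alchemy.
type OneOrMany = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: Record<string, Record<string, OneOrMany>>;
}
interface PolicyDocument { Version: string; Statement: Statement[] }
const toArray = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);
// S3 actions authorized against the bucket ARN (illustrative subset, not exhaustive).
const BUCKET_LEVEL = ["s3:ListBucket", "s3:ListBucketVersions", "s3:GetBucketLocation"];
// Actions whose requests carry the s3:prefix condition key.
const PREFIX_AWARE = ["s3:ListBucket", "s3:ListBucketVersions"];

function lintPolicy(doc: PolicyDocument): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((st, i) => {
    if (st.Effect !== "Allow") return;
    const actions = toArray(st.Action);
    const resources = toArray(st.Resource);
    const conditionKeys: string[] = [];
    for (const c of Object.values(st.Condition ?? {})) conditionKeys.push(...Object.keys(c));
    // 1. Wildcard action on every resource with no condition narrowing it.
    if (actions.some((a) => a === "*" || a.endsWith(":*")) && resources.includes("*") && conditionKeys.length === 0)
      findings.push(`Statement[${i}]: unconditioned wildcard action on Resource "*"`);
    // 2. A bucket-level action never matches when only object ARNs (bucket/key) are listed.
    const hasBucketArn = resources.some((r) => r === "*" || (r.startsWith("arn:aws:s3:::") && !r.includes("/")));
    for (const a of actions)
      if (BUCKET_LEVEL.includes(a) && !hasBucketArn) findings.push(`Statement[${i}]: ${a} needs the bucket ARN, only object ARNs listed`);
    // 3. s3:prefix on an action that never sets it: the condition cannot be satisfied.
    if (conditionKeys.includes("s3:prefix") && !actions.some((a) => a === "*" || a === "s3:*" || PREFIX_AWARE.includes(a)))
      findings.push(`Statement[${i}]: s3:prefix is absent from requests for these actions`);
  });
  return findings;
}

// Constructed sample document (the bucket name is a placeholder).
const sample: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: ["s3:ListBucket", "s3:GetObject"], Resource: "arn:aws:s3:::example-bucket/*" },
    { Effect: "Allow", Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/*",
      Condition: { StringEquals: { "s3:prefix": "2023/" } } },
    { Effect: "Allow", Action: "*", Resource: "*" },
    { Effect: "Allow", Action: "ec2:*", Resource: "*",
      Condition: { IpAddress: { "aws:SourceIp": "203.0.113.0/24" } } },
  ],
};
console.log(lintPolicy(sample).join("\n"));
```

The conditioned ec2:* statement is not reported because the first check only fires when no condition is present; tighten that rule if your baseline forbids service-wide wildcards altogether.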