Skip to content
Alchemy
GitHubXDiscord

UserPolicy

The UserPolicy resource allows you to manage AWS IAM User Policies that grant permissions to AWS IAM users. This resource enables you to define fine-grained access control to AWS services and resources.

Minimal Example

Section titled “Minimal Example”

Create a basic IAM User Policy that grants permissions to list S3 buckets.

import AWS from "alchemy/aws/control";


const userPolicy = await AWS.IAM.UserPolicy("basicUserPolicy", {
  UserName: "johnDoe",
  PolicyName: "S3ListPolicy",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "s3:ListAllMyBuckets",
        Resource: "*"
      }
    ]
  }
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure an IAM User Policy with multiple permissions for S3 and DynamoDB.

const advancedUserPolicy = await AWS.IAM.UserPolicy("advancedUserPolicy", {
  UserName: "janeDoe",
  PolicyName: "S3AndDynamoDBPolicy",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: [
          "s3:GetObject",
          "s3:PutObject"
        ],
        Resource: "arn:aws:s3:::my-bucket/*"
      },
      {
        Effect: "Allow",
        Action: "dynamodb:Query",
        Resource: "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable"
      }
    ]
  }
});

Policy with Conditions

Section titled “Policy with Conditions”

Create a policy that restricts access based on request conditions, such as IP address.

const conditionalUserPolicy = await AWS.IAM.UserPolicy("conditionalUserPolicy", {
  UserName: "aliceSmith",
  PolicyName: "RestrictedAccessPolicy",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "s3:GetObject",
        Resource: "arn:aws:s3:::my-bucket/*",
        Condition: {
          "IpAddress": {
            "aws:SourceIp": "203.0.113.0/24"
          }
        }
      }
    ]
  }
});

Policy with Multiple Statements

Section titled “Policy with Multiple Statements”

Define a policy that allows multiple actions across different services.

const multiStatementUserPolicy = await AWS.IAM.UserPolicy("multiStatementUserPolicy", {
  UserName: "bobJohnson",
  PolicyName: "MultiServiceAccessPolicy",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "s3:*",
        Resource: "arn:aws:s3:::my-bucket/*"
      },
      {
        Effect: "Allow",
        Action: "dynamodb:*",
        Resource: "arn:aws:dynamodb:us-east-1:123456789012:table/MyTable"
      }
    ]
  }
});