ResourcePolicy
The ResourcePolicy resource lets you manage AWS X-Ray resource policies that define permissions for your X-Ray data.
Minimal Example
Create a basic resource policy with required properties and one optional property.

```ts
import AWS from "alchemy/aws/control";

const basicResourcePolicy = await AWS.XRay.ResourcePolicy("basicPolicy", {
  PolicyName: "MyBasicPolicy",
  PolicyDocument: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*", // matches any principal
        Action: "xray:PutTelemetryRecords",
        Resource: "*"
      }
    ]
  }),
  BypassPolicyLockoutCheck: false // optional property; the lockout check stays on
});
```
Advanced Configuration
Configure a resource policy with a more complex IAM policy document that allows specific actions from a certain AWS account and denies trace deletion for every principal.

```ts
const advancedResourcePolicy = await AWS.XRay.ResourcePolicy("advancedPolicy", {
  PolicyName: "MyAdvancedPolicy",
  PolicyDocument: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        // Allow the two write actions for principals in one account only
        Effect: "Allow",
        Principal: { AWS: "arn:aws:iam::123456789012:root" },
        Action: [
          "xray:PutTelemetryRecords",
          "xray:PutTraceSegments"
        ],
        Resource: "*"
      },
      {
        // Explicit deny for every principal
        Effect: "Deny",
        Principal: "*",
        Action: "xray:DeleteTrace",
        Resource: "*"
      }
    ]
  }),
  BypassPolicyLockoutCheck: true // skips the policy lockout check
});
```
Policy with Specific CIDR Block
This example creates a resource policy that restricts access to a specific CIDR block with an aws:SourceIp condition.

```ts
const cidrRestrictedPolicy = await AWS.XRay.ResourcePolicy("cidrPolicy", {
  PolicyName: "MyCIDRRestrictedPolicy",
  PolicyDocument: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "xray:PutTelemetryRecords",
        Resource: "*",
        // Only requests from this source range match the statement
        Condition: {
          IpAddress: {
            "aws:SourceIp": "203.0.113.0/24"
          }
        }
      }
    ]
  }),
  BypassPolicyLockoutCheck: false
});
```
Combining Policies
This example shows how to combine multiple statements within a single resource policy.

```ts
const combinedPolicy = await AWS.XRay.ResourcePolicy("combinedPolicy", {
  PolicyName: "MyCombinedPolicy",
  PolicyDocument: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        // Any principal may send telemetry records
        Effect: "Allow",
        Principal: "*",
        Action: "xray:PutTelemetryRecords",
        Resource: "*"
      },
      {
        // Only this role may send trace segments
        Effect: "Allow",
        Principal: { AWS: "arn:aws:iam::123456789012:role/MyXRayRole" },
        Action: "xray:PutTraceSegments",
        Resource: "*"
      }
    ]
  }),
  BypassPolicyLockoutCheck: true // skips the policy lockout check
});
```
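
An added example, not part of the Alchemy documentation or project code: a pre-deployment check for the two settings in the examples above that deserve review, an Allow for Principal "*" with no Condition (as in the minimal and combined examples) and BypassPolicyLockoutCheck set to true. The type names, function names and finding strings are assumptions made for illustration.

```typescript
// Added example: review an X-Ray resource policy document before deploying it.
// All names below are hypothetical; nothing here calls AWS or Alchemy.
type PolicyPrincipal = string | { [kind: string]: string | string[] };
interface PolicyStatement {
  Effect: "Allow" | "Deny";
  Principal?: PolicyPrincipal;
  Action: string | string[];
  Resource?: string | string[];
  Condition?: { [operator: string]: unknown };
}

// True when the principal matches every caller: "*" or a map with a "*" value.
function isWildcardPrincipal(p: PolicyPrincipal | undefined): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  const map = p;
  return Object.keys(map).some((kind) => {
    const value = map[kind];
    return (Array.isArray(value) ? value : [value]).indexOf("*") !== -1;
  });
}

// Returns one finding per flagged setting; an empty array means nothing flagged.
function auditResourcePolicy(policyDocument: string, bypassLockoutCheck = false): string[] {
  const findings: string[] = [];
  const doc = JSON.parse(policyDocument) as { Statement: PolicyStatement | PolicyStatement[] };
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  statements.forEach((s, i) => {
    const conditioned = s.Condition !== undefined && Object.keys(s.Condition).length > 0;
    if (s.Effect === "Allow" && isWildcardPrincipal(s.Principal) && !conditioned) {
      findings.push(`Statement[${i}]: Allow for any principal with no Condition`);
    }
  });
  if (bypassLockoutCheck) {
    findings.push("BypassPolicyLockoutCheck is true: lockout safety check is skipped");
  }
  return findings;
}

// Policy documents copied from the minimal and CIDR examples on this page.
const minimalDoc = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Effect: "Allow", Principal: "*", Action: "xray:PutTelemetryRecords", Resource: "*" }
] });
const cidrDoc = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Effect: "Allow", Principal: "*", Action: "xray:PutTelemetryRecords", Resource: "*",
    Condition: { IpAddress: { "aws:SourceIp": "203.0.113.0/24" } } }
] });

console.log(auditResourcePolicy(minimalDoc, false));
console.log(auditResourcePolicy(cidrDoc, false));
```

The check only records whether a Condition is present on a wildcard Allow; it does not judge how restrictive that condition is.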