Less annoying least-privilege (PoLP) IAM policies with strongly typed TypeScript
By Ryan Romanchuk
# Install iam-floyd, the package the policy script imports.
# Commit the updated yarn.lock so the version that generates the policy stays pinned and reviewable.
yarn add iam-floyd
import * as statement from 'iam-floyd';
// Each statement is built with the iam-floyd fluent API and serialised with
// toJSON() so it can be placed directly into the policy document.

// CodeDeploy: every read action plus CreateDeployment.
// NOTE(review): no on*() resource selector is called here, so this statement is
// presumably emitted with Resource "*" — check iam.json and scope it if the
// deployment target is known.
// NOTE(review): compact() presumably collapses the action list into wildcard
// patterns; a wildcard can start matching actions AWS adds later — confirm that
// is acceptable for a least-privilege policy.
const codedeployAccess = new statement.Codedeploy()
  .allow()
  .allReadActions()
  .compact()
  .toCreateDeployment()
  .toJSON();

// Auto Scaling: StartInstanceRefresh only.
// NOTE(review): no resource selector here either — presumably applies to every
// Auto Scaling group in the account; verify against the generated JSON.
const autoscalingAccess = new statement.Autoscaling()
  .allow()
  .toStartInstanceRefresh()
  .toJSON();

// S3: GetObject/PutObject limited to the personal-www bucket and three key patterns.
// NOTE(review): both selected actions are object-level, so the bucket ARN added
// by onBucket() is probably not needed — confirm before removing it.
const s3Access = new statement.S3()
  .allow()
  .toGetObject()
  .toPutObject()
  .onBucket('personal-www')
  .onObject('personal-www', 'assets/*')
  .onObject('personal-www', 'sitemap.xml')
  .onObject('personal-www', 'robots.txt')
  .toJSON();

// Assemble the IAM policy document in statement order.
const policy = {
  Version: '2012-10-17',
  Statement: [codedeployAccess, autoscalingAccess, s3Access],
};

// Pretty-print with 4-space indentation; stdout is redirected to iam.json by the caller.
const policyJson = JSON.stringify(policy, null, 4);
console.log(policyJson);
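# Compile the TypeScript policy script and write the generated policy document to iam.json.
# If node fails, the redirect still leaves an empty iam.json behind, so check the file before publishing.
tsc iam.ts && node iam.js > iam.json

# Publish iam.json as a new version of the managed policy and make it the default.
# --set-as-default takes effect immediately for everything the policy is attached to,
# so review (or diff) iam.json first.
# NOTE(review): --policy-arn expects a managed policy ARN; the variable name
# EC2_IAM_ROLE suggests a role — confirm it holds the policy's ARN.
# A managed policy keeps at most five versions; once that limit is reached this call
# fails until an old version is deleted.
# The variable is quoted so an empty or whitespace-containing value is passed as a
# single argument instead of being word-split.
aws iam create-policy-version \
  --policy-arn "$EC2_IAM_ROLE" \
  --policy-document file://iam.json --set-as-default | jq '.'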