Pulumi is Modern Infrastructure as Code. With the Pulumi Platform, you can declare cloud infrastructure using real programming languages, like Go. Using Go, rather than learning yet another YAML or DSL dialect, enables modern approaches to cloud applications and infrastructure as code. Developers can master the Go toolchain, use their own set of frameworks, and go to any cloud (AWS, Azure, GCP, or Kubernetes) with ease. However, those YAML and DSL dialects do have a few awesome helper methods that save developers a little time. This Go library is a collection of such helper methods, so developers can use Pulumi and still save a bit of time.
AWS SAM allows you to choose from a list of policy templates to scope the permissions of your Lambda functions to the resources that are used by your application. The `sampolicies` package wraps the policy templates in a format to be used with Pulumi (or virtually any other type of Go app where you need AWS IAM policy templates).
To use the templates, you need to import the `sampolicies` package, create a new `Factory`, and add templates to the factory.
```go
package main

import (
	"fmt"
	"log"

	// Import the sampolicies package
	"github.com/retgits/pulumi-helpers/sampolicies"
)

func main() {
	// Create a new factory with your AWS Account ID, AWS Partition, and the region you want to create policies for
	iamFactory := sampolicies.NewFactory().WithAccountID("01234567890").WithPartition("aws").WithRegion("us-west-2")

	// Add policies to the factory
	iamFactory.AddAthenaQueryPolicy()

	// Create the policy document (this method returns an error if AWS Account ID, AWS Partition, or region is not set)
	policy, err := iamFactory.GetPolicyStatement()
	if err != nil {
		log.Fatal(err)
	}

	// Print the policy statement
	fmt.Println(policy)

	// Remove all policies so you can begin with a clean slate
	iamFactory.ClearPolicies()

	// Add a new policy to the factory
	iamFactory.AddAWSSecretsManagerRotationPolicy()

	// Create the policy document, again checking the returned error
	policy, err = iamFactory.GetPolicyStatement()
	if err != nil {
		log.Fatal(err)
	}

	// Print the policy statement
	fmt.Println(policy)
}
```
The policies are generated from the develop branch of the Serverless Application Model repository, using the generator. This little app creates the `policies.go` file and tells you which policies need to be updated manually because they resulted in an error.
Right now, there are nine (9) policies that result in an error during processing:
- DynamoDBCrudPolicy
- DynamoDBWritePolicy
- S3FullAccessPolicy
- S3WritePolicy
- S3CrudPolicy
- S3ReadPolicy
- PollyFullAccessPolicy
- ServerlessRepoReadWriteAccessPolicy
- DynamoDBReadPolicy
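Because these templates exist to scope a Lambda function's permissions, a generated document can be checked for wildcard grants before it is attached to a role. The following Go program is an added example, not part of the library: `list`, `statement`, `auditPolicy` and `samplePolicy` are hypothetical names, the sample document is constructed, and it assumes the policy is available as a JSON string whose `Statement` is an array (the page does not show the type returned by `GetPolicyStatement()`).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// list (hypothetical helper) decodes an IAM field that is one string or an array of strings.
type list []string

func (l *list) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*l = list{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(l))
}

type statement struct {
	Effect           string
	Action, Resource list
}

// auditPolicy flags Allow statements with a wildcard action or resource "*"; assumes a JSON policy with a Statement array.
func auditPolicy(doc string) (out []string, err error) {
	var p struct{ Statement []statement }
	if err := json.Unmarshal([]byte(doc), &p); err != nil {
		return nil, fmt.Errorf("decode policy document: %w", err)
	}
	for i, st := range p.Statement {
		for _, a := range st.Action {
			if st.Effect == "Allow" && strings.HasSuffix(a, "*") {
				out = append(out, fmt.Sprintf("statement %d: wildcard action %s", i, a))
			}
		}
		for _, r := range st.Resource {
			if st.Effect == "Allow" && r == "*" {
				out = append(out, fmt.Sprintf("statement %d: resource *", i))
			}
		}
	}
	return out, nil
}

// samplePolicy is constructed for this example; it is not output of the library.
const samplePolicy = `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["athena:GetQueryExecution","athena:StartQueryExecution"],"Resource":"arn:aws:athena:us-west-2:123456789012:workgroup/primary"},{"Effect":"Allow","Action":"polly:*","Resource":["*"]}]}`
func main() { fmt.Println(auditPolicy(samplePolicy)) }
```

A non-empty result is a prompt to review the statement, not proof of a problem: some actions only accept `*` as their resource.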
Builder helps with generating zip files for AWS Lambda functions. The builder package assumes that running `go build` will suffice to build the executable and will create a zip file with the same name as the parent.
To use the builder, you need to import the `builder` package, create a new `Factory`, and either call `Zip()` or `Build()`.
```go
package main

import (
	// Import the builder package
	"github.com/retgits/pulumi-helpers/builder"
)

func main() {
	// Create a new factory
	factory := builder.NewFactory().WithFolder("../sampolicies")

	// Run go build and panic if an error is returned
	factory.MustBuild()

	// Run zip and panic if an error is returned
	factory.MustZip()
}
```
Pull requests are welcome in their individual repositories. For major changes or questions, please open an issue first to discuss what you would like to change.
See the LICENSE file in the repository.