Important
You need StackGen Admin or DevOps access to run this command.
aws-iam-permissions
The stackgen upload aws-iam-permissions command allows you to upload custom AWS IAM role permissions that define access controls for AWS resources in your infrastructure.
Supported Cloud
AWS
Usage
stackgen upload aws-iam-permissions [flags]
Flags
Flag | Description |
---|---|
-p, --permission-file-path string | Path to AWS permission bundle file. |
-h, --help | Help for aws-iam-permissions |
Examples
stackgen upload aws-iam-permissions -p /path/to/permissions.json
This command will:
- Read the IAM permissions defined in the permissions.json file,
- Upload these permissions to the StackGen platform,
- Make them available for use with AWS resources in your topologies.
File Format
The IAM permissions file should be in JSON format and contain an array of permission objects. Here's an example:
[
  {
    "name": "ReaderCustom",
    "resource_type": "aws_athena",
    "description": "permission for read-only access to the athena",
    "policy": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "ReaderCustom",
          "Effect": "Allow",
          "Action": [
            "athena:GetWorkGroup",
            "athena:ListDataCatalogs",
            "athena:ListDatabases",
            "athena:ListTableMetadata",
            "athena:ListWorkGroups"
          ],
          "Resource": [
            "module.module_name.wg_arn"
          ]
        }
      ]
    }
  }
]
Each permission object in the array must include:
- name: A unique identifier for the permission.
- resource_type: The AWS resource this permission applies to.
- description: A brief explanation of what the permission allows.
- policy: The AWS IAM policy document following standard AWS policy format.
Refer to the AWS Documentation for Creating an IAM Policy using a JSON editor.
Note
- Uploaded IAM permissions can be referenced when configuring AWS resources.
- This command requires appropriate permissions to upload IAM policies.
- Validate your IAM policy JSON before uploading to avoid syntax errors.