Permission
The Permission resource allows you to manage AWS RAM Permissions that define the policies associated with resource sharing. This enables you to control access to shared resources effectively.
Minimal Example
Create a basic RAM Permission with required properties and a common optional tag.
ts
import AWS from "alchemy/aws/control";
const ramPermission = await AWS.RAM.Permission("basicRamPermission", {
resourceType: "AWS::S3::Bucket",
policyTemplate: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: "s3:GetObject",
Resource: "arn:aws:s3:::my-example-bucket/*"
}
]
},
tags: [
{
Key: "Environment",
Value: "Development"
}
],
name: "BasicPermission"
});Advanced Configuration
Configure a RAM Permission with a more complex policy template and multiple tags.
ts
const advancedRamPermission = await AWS.RAM.Permission("advancedRamPermission", {
resourceType: "AWS::EC2::Instance",
policyTemplate: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: ["ec2:StartInstances", "ec2:StopInstances"],
Resource: "arn:aws:ec2:us-west-2:123456789012:instance/*"
},
{
Effect: "Allow",
Action: "ec2:DescribeInstances",
Resource: "*"
}
]
},
tags: [
{
Key: "Project",
Value: "CloudMigration"
},
{
Key: "Owner",
Value: "DevTeam"
}
],
name: "AdvancedPermission"
});Custom Policy Example
Create a RAM Permission with a custom policy template that allows specific actions on a DynamoDB table.
ts
const dynamoDbPermission = await AWS.RAM.Permission("dynamoDbPermission", {
resourceType: "AWS::DynamoDB::Table",
policyTemplate: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: ["dynamodb:PutItem", "dynamodb:GetItem"],
Resource: "arn:aws:dynamodb:us-east-1:123456789012:table/MyExampleTable"
}
]
},
tags: [
{
Key: "Service",
Value: "DataProcessing"
}
],
name: "DynamoDbPermission"
});