ResourcePolicy

The ResourcePolicy resource lets you manage AWS VpcLattice resource policies, the IAM policy documents that control which principals may access a VPC Lattice service or resource. For more information, refer to the AWS VpcLattice ResourcePolicy documentation.

Minimal Example

Create a basic ResourcePolicy with the required properties to allow access from a specific IP range.

```ts
import AWS from "alchemy/aws/control";

const resourcePolicy = await AWS.VpcLattice.ResourcePolicy("basicResourcePolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "vpclattice:Access",
        Resource: "arn:aws:vpclattice:us-west-2:123456789012:service/my-service",
        Condition: {
          IpAddress: {
            "aws:SourceIp": "203.0.113.0/24"
          }
        }
      }
    ]
  },
  ResourceArn: "arn:aws:vpclattice:us-west-2:123456789012:resource/my-resource"
});
```
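The minimal example above grants access to every principal (`"*"`) and relies solely on the `aws:SourceIp` condition to keep the service from being reachable by anyone. The following added example (not part of the Alchemy docs or the library) is a small pre-deploy check you can run over a policy document before handing it to `ResourcePolicy`: it flags `Allow` statements whose principal is the wildcard and that carry no `Condition` at all. The `PolicyDocument` types and the `samplePolicy` value are assumptions constructed for the example.

```typescript
// Added example: lint a VPC Lattice resource policy for unconditional wildcard grants.
type Principal = string | { AWS?: string | string[]; Service?: string | string[] };

interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, Record<string, string | string[]>>;
}

interface PolicyDocument {
  Version: string;
  Statement: Statement[];
}

// True when the statement's principal is the anonymous wildcard ("*" or { AWS: "*" }).
function isWildcardPrincipal(p: Principal): boolean {
  if (p === "*") return true;
  if (typeof p === "object" && p.AWS !== undefined) {
    const aws = Array.isArray(p.AWS) ? p.AWS : [p.AWS];
    return aws.includes("*");
  }
  return false;
}

// Returns the indices of Allow statements that are open to any caller and have no Condition.
function findUnconditionalWildcardAllows(policy: PolicyDocument): number[] {
  const findings: number[] = [];
  policy.Statement.forEach((stmt, i) => {
    const hasCondition = stmt.Condition !== undefined && Object.keys(stmt.Condition).length > 0;
    if (stmt.Effect === "Allow" && isWildcardPrincipal(stmt.Principal) && !hasCondition) {
      findings.push(i);
    }
  });
  return findings;
}

// Constructed sample: statement 0 mirrors the minimal example (wildcard principal narrowed
// by an IP range); statement 1 is the same grant with the Condition block removed.
const samplePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: "*", Action: "vpclattice:Access",
      Resource: "arn:aws:vpclattice:us-west-2:123456789012:service/my-service",
      Condition: { IpAddress: { "aws:SourceIp": "203.0.113.0/24" } } },
    { Effect: "Allow", Principal: "*", Action: "vpclattice:Access",
      Resource: "arn:aws:vpclattice:us-west-2:123456789012:service/my-service" },
  ],
};
```

Running `findUnconditionalWildcardAllows(samplePolicy)` returns `[1]`: only the statement without a condition is flagged, so the check can gate a deployment without rejecting IP-scoped grants.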

Advanced Configuration

Configure a ResourcePolicy with more complex IAM policy statements including multiple actions and conditions.

```ts
import AWS from "alchemy/aws/control";

const advancedResourcePolicy = await AWS.VpcLattice.ResourcePolicy("advancedResourcePolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/MyRole"
        },
        Action: [
          "vpclattice:Access",
          "vpclattice:Modify"
        ],
        Resource: "arn:aws:vpclattice:us-west-2:123456789012:service/my-service",
        Condition: {
          // aws:RequestTag matches tags supplied in the request itself (for example on
          // create or tag calls); to match tags already on the resource, use aws:ResourceTag.
          StringEquals: {
            "aws:RequestTag/Project": "ProjectX"
          }
        }
      }
    ]
  },
  ResourceArn: "arn:aws:vpclattice:us-west-2:123456789012:resource/my-resource",
  adopt: true // Adopts the existing resource policy if one already exists
});
```

Conditional Access Control

Set up a ResourcePolicy that allows access based on specific tags assigned to the resource.

```ts
import AWS from "alchemy/aws/control";

const taggedResourcePolicy = await AWS.VpcLattice.ResourcePolicy("taggedResourcePolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "vpclattice:Access",
        Resource: "arn:aws:vpclattice:us-west-2:123456789012:service/my-service",
        Condition: {
          // Only matches when the target resource carries the tag Environment=Production
          StringEquals: {
            "aws:ResourceTag/Environment": "Production"
          }
        }
      }
    ]
  },
  ResourceArn: "arn:aws:vpclattice:us-west-2:123456789012:resource/my-resource"
});
```

Using Adopt Option

Create a ResourcePolicy that adopts the existing resource policy if one is already attached, instead of failing on a conflict.

```ts
import AWS from "alchemy/aws/control";

const adoptResourcePolicy = await AWS.VpcLattice.ResourcePolicy("adoptResourcePolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/MyRole"
        },
        Action: "vpclattice:Access",
        Resource: "arn:aws:vpclattice:us-west-2:123456789012:service/my-service"
      }
    ]
  },
  ResourceArn: "arn:aws:vpclattice:us-west-2:123456789012:resource/my-resource",
  adopt: true // Adopts the existing resource policy if one already exists
});
```