Role
The Role resource lets you create and manage AWS IAM Roles that define permissions for AWS services and users.
Minimal Example
Create a basic Lambda execution role with permissions to write logs:
ts
import { Role } from "alchemy/aws";
const role = await Role("lambda-role", {
roleName: "lambda-role",
assumeRolePolicy: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
Service: "lambda.amazonaws.com",
},
Action: "sts:AssumeRole",
},
],
},
policies: [
{
policyName: "logs",
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
Resource: "*",
},
],
},
},
],
});With Managed Policies
Attach AWS managed policies to grant common permissions:
ts
import { Role } from "alchemy/aws";
const role = await Role("readonly-role", {
roleName: "readonly-role",
assumeRolePolicy: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
Service: "lambda.amazonaws.com",
},
Action: "sts:AssumeRole",
},
],
},
managedPolicyArns: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
});Multiple Inline Policies
Create a role with multiple inline policies and custom session duration:
ts
import { Role } from "alchemy/aws";
const role = await Role("custom-role", {
roleName: "custom-role",
assumeRolePolicy: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
Service: "lambda.amazonaws.com",
},
Action: "sts:AssumeRole",
},
],
},
maxSessionDuration: 7200,
policies: [
{
policyName: "logs",
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
Resource: "*",
},
],
},
},
{
policyName: "s3",
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: "s3:ListBucket",
Resource: "*",
},
],
},
},
],
});