diff --git a/snippets/pulumi.fish b/snippets/pulumi.fish
index 6794f5b..269f51f 100644
--- a/snippets/pulumi.fish
+++ b/snippets/pulumi.fish
@@ -1,4 +1,4 @@
-#!fish
+#!/usr/bin/env fish
 function pulumi-all-of-type
 pulumi stack export \
@@ -34,3 +34,6 @@ end
 # Get the URN (or other stuff) of resources that would be deleted
 pulumi preview --json | jq -r '.steps[]|select(.op=="delete").urn' -
 pulumi preview --json | jq -r '.steps[]|select(.op=="delete").oldState.id' -
+
+# Remove from the state all resources that would be deleted
+pulumi preview --json | jq -r '.steps[]|select(.op=="delete").urn' - | xargs -n1 pulumi state delete --force
diff --git a/snippets/pulumi.iam-groups-generation.ts b/snippets/pulumi.iam-groups-generation.ts
new file mode 100644
index 0000000..d7a9888
--- /dev/null
+++ b/snippets/pulumi.iam-groups-generation.ts
@@ -0,0 +1,65 @@
+import * as aws from "@pulumi/aws";
+
+const iamGroups = new Map();
+[ "business-intelligence", "engineering", "product" ].forEach(
+ (name: string) => iamGroups.set(
+ name,
+ new aws.iam.Group(
+ name,
+ { name: name },
+ {
+ import: name,
+ protect: true,
+ },
+ ),
+ ),
+);
+
+const iamUsers = new Map();
+[
+ {
+ name: "me",
+ groups: [ "engineering" ],
+ },
+ {
+ name: "admin",
+ groups: [
+ "business-intelligence",
+ "engineering",
+ "product",
+ ],
+ },
+].forEach(
+ (user: { name: string, groups: string[] }) => {
+ // Create the IAM user
+ const iamUser = new aws.iam.User(
+ user.name,
+ { name: user.name },
+ {
+ ignoreChanges: [
+ // tags are used to store the users' keys' id
+ "tags",
+ "tagsAll",
+ ],
+ import: user.name,
+ protect: true,
+ },
+ );
+
+ // Add the IAM user to the 'users' Map
+ iamUsers.set(user.name, iamUser);
+
+ // Add the user to the groups in its definition.
+ iamUser.name.apply(username => new aws.iam.UserGroupMembership(
+ username,
+ {
+ user: username,
+ groups: user.groups,
+ },
+ {
+ import: `${username}/${user.groups.join('/')}`,
+ protect: true,
+ },
+ ));
+ },
+);
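Review bot: The one-liner added at the end of snippets/pulumi.fish passes `--force` to `pulumi state delete`, which removes resources from the state even when they are marked protected, and it does so for every URN the preview lists, with no confirmation and no backup. Removing state entries is not reverted by a later `pulumi up`, so I would checkpoint first with `pulumi stack export --file state.backup.json` and leave `--force` out of the default form, so that protected resources have to be handled deliberately. When the preview lists no deletions, GNU xargs still runs `pulumi state delete --force` once with no URN; `xargs -r -n1` (where supported) avoids that. A comment above the line saying that this edits the state only, and leaves the cloud resources in place, would also help whoever copies it.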
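Review bot: The `aws.iam.UserGroupMembership` at the end of the `forEach` callback in snippets/pulumi.iam-groups-generation.ts is constructed inside `iamUser.name.apply(...)`, a pattern Pulumi's documentation discourages. A resource created in an `apply` callback may be missing from `pulumi preview` while the output is unknown, so an IAM group-membership change could be applied without having been reviewed. The user name is already a plain string in `user.name`, so the membership can be declared directly, with `user: iamUser.name` keeping the dependency on the user resource. Separately, both `new Map()` calls infer `Map<any, any>`; `new Map<string, aws.iam.Group>()` and `new Map<string, aws.iam.User>()` would keep later lookups typed.

```typescript
    // Add the user to the groups in its definition.
    new aws.iam.UserGroupMembership(
      user.name,
      {
        user: iamUser.name,
        groups: user.groups,
      },
      {
        import: `${user.name}/${user.groups.join('/')}`,
        protect: true,
      },
    );
```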