Closed cgcompassion closed 5 months ago
@cgcompassion yeah you can achieve it using $transform
.
I added an example here https://ion.sst.dev/docs/examples/#iam-permissions-boundaries
Feel free to reopen this issue if the example doesn't work for you.
Anyone know the correct way to add a custom Permission Boundary to all IAM roles that might be created by SST, now that we are no longer using CF?
The way I used to do this is:
in conjunction with:
Due to our AWS Org Settings, all deploys will fail unless the IAM roles have this boundary attached. I'm struggling trying to figure out how to do this in the new world of Pulumi.
I assume it can be done in the global
$transform
function, but I can't find any clarity in the docs on how to do that.