
AWS Infrastructure with CDK - Part 6: IAM & Security

IAM Security

IAM Roles

Create IAM roles for the EKS cluster and RDS database.

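import * as iam from 'aws-cdk-lib/aws-iam';
// These statements belong inside a Stack (or other Construct), where `this` is the scope.
// Role whose trust policy lets the EKS service assume it.
const eksRole = new iam.Role(this, 'EKSRole', {
  assumedBy: new iam.ServicePrincipal('eks.amazonaws.com'),
});
// Role whose trust policy lets the RDS service assume it.
const rdsRole = new iam.Role(this, 'RDSRole', {
  assumedBy: new iam.ServicePrincipal('rds.amazonaws.com'),
});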

IAM Policies

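Create IAM policies for the EKS cluster and RDS database. Each statement below allows every action in its service namespace ('eks:*', 'rds:*') on every resource ('*'). For anything beyond a demo, list the specific actions and resource ARNs the workload needs.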

// Uses the `iam` import from the roles snippet; importing it twice in one file is a compile error.
// Allows every EKS action on every resource.
const eksPolicy = new iam.Policy(this, 'EKSPolicy', {
  statements: [
    new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      actions: ['eks:*'],
      resources: ['*'],
    }),
  ],
});
// Allows every RDS action on every resource.
const rdsPolicy = new iam.Policy(this, 'RDSPolicy', {
  statements: [
    new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      actions: ['rds:*'],
      resources: ['*'],
    }),
  ],
});

Attach Policies to Roles

Attach the IAM policies to the IAM roles.

eksRole.attachInlinePolicy(eksPolicy);
rdsRole.attachInlinePolicy(rdsPolicy);
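
A pre-deployment check for the wildcard grants above, as an added example that is not part of the original post: it scans a synthesized CloudFormation template (the output of cdk synth) for Allow statements with service-wide actions. The type names, lintTemplate, and the sample template with its logical IDs and ARN are constructed for illustration.

```typescript
// Added example, not from the original post. All names here are hypothetical.
type OneOrMany = string | string[];
interface IamStatement { Effect: string; Action?: OneOrMany; NotAction?: OneOrMany; Resource?: OneOrMany }
interface CfnResource { Type: string; Properties?: { PolicyDocument?: { Statement: IamStatement | IamStatement[] } } }
interface CfnTemplate { Resources: Record<string, CfnResource> }
interface LintFinding { logicalId: string; severity: 'high' | 'medium'; reason: string }

// IAM JSON allows a bare string where a one-element list is meant.
const asList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function lintTemplate(template: CfnTemplate): LintFinding[] {
  const findings: LintFinding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const raw = template.Resources[logicalId].Properties?.PolicyDocument?.Statement;
    const statements = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
    for (const s of statements) {
      if (s.Effect !== 'Allow') continue; // only Allow statements widen access
      // '*' or '<service>:*' grants every action, including destructive ones.
      const broad = asList(s.Action).filter((a) => a === '*' || /:\*$/.test(a));
      const anyResource = asList(s.Resource).some((r) => r === '*');
      if (s.NotAction !== undefined) {
        findings.push({ logicalId, severity: 'high', reason: 'Allow with NotAction grants every action not listed' });
      } else if (broad.length > 0 && anyResource) {
        findings.push({ logicalId, severity: 'high', reason: `${broad.join(', ')} on every resource` });
      } else if (broad.length > 0) {
        findings.push({ logicalId, severity: 'medium', reason: `${broad.join(', ')} on scoped resources` });
      }
    }
  }
  return findings;
}

// Constructed sample: the two policies from this post as IAM JSON, plus one
// scoped policy for contrast. Logical IDs and the ARN are placeholders.
const sampleTemplate: CfnTemplate = {
  Resources: {
    EKSPolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyDocument: {
      Statement: [{ Effect: 'Allow', Action: 'eks:*', Resource: '*' }] } } },
    RDSPolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyDocument: {
      Statement: [{ Effect: 'Allow', Action: 'rds:*', Resource: '*' }] } } },
    ScopedPolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyDocument: {
      Statement: [{ Effect: 'Allow', Action: ['eks:DescribeCluster'],
        Resource: 'arn:aws:eks:us-east-1:111122223333:cluster/example' }] } } },
    Bucket: { Type: 'AWS::S3::Bucket' },
  },
};

console.log(lintTemplate(sampleTemplate)); // two high findings: EKSPolicy, RDSPolicy
```

Run as a CI step against the synthesized template, a non-empty result can fail the build before the stack is deployed.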

Next Steps

In Part 7: CI/CD Pipeline, we’ll create CI/CD pipelines for our infrastructure using GitHub Actions, GitLab CI, and other popular tools.