Ana Sayfa Keşfet Yardım
Giriş Yap
LiuFan
/
PrivacyScanData
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Ağaç: 7f5c9939d1
Dallar Biçim İmleri
PrivacyScanD...
/
S3
/
new3
/
fractal-labs-main
/
cloudformations
/
1-iam-users.yml

1-iam-users.yml 2.5 KB
Geçmiş Ham

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. AWSTemplateFormatVersion: '2010-09-09'
    2. 

  2. Metadata:
    3. 

  3.   License: Apache-2.0
    4. 

  4. Description: 'AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample
    5. 

  5.   template showing how to create IAM users, groups and policies. It creates a single
    6. 

  6.   user that is a member of a users group and an admin group. The groups each have
    7. 

  7.   different IAM policies associated with them. Note: This example also creates an
    8. 

  8.   AWSAccessKeyId/AWSSecretKey pair associated with the new user. The example is somewhat
    9. 

  9.   contrived since it creates all of the users and groups, typically you would be creating
    10. 

  10.   policies, users and/or groups that contain references to existing users or groups
    11. 

  11.   in your environment. Note that you will need to specify the CAPABILITY_IAM flag
    12. 

  12.   when you create the stack to allow this template to execute. You can do this through
    13. 

  13.   the AWS management console by clicking on the check box acknowledging that you understand
    14. 

  14.   this template creates IAM resources or by specifying the CAPABILITY_IAM flag to
    15. 

  15.   the cfn-create-stack command line tool or CreateStack API call.'
    16. 

  16. Parameters:
    17. 

  17.   Password:
    18. 

  18.     NoEcho: 'true'
    19. 

  19.     Type: String
    20. 

  20.     Description: New account password
    21. 

  21.     MinLength: '1'
    22. 

  22.     MaxLength: '41'
    23. 

  23.     ConstraintDescription: the password must be between 1 and 41 characters
    24. 

  24. Resources:
    25. 

  25.   CFNUser:
    26. 

  26.     Type: AWS::IAM::User
    27. 

  27.     Properties:
    28. 

  28.       LoginProfile:
    29. 

  29.         Password: !Ref 'Password'
    30. 

  30.   CFNUserGroup:
    31. 

  31.     Type: AWS::IAM::Group
    32. 

  32.   CFNAdminGroup:
    33. 

  33.     Type: AWS::IAM::Group
    34. 

  34.   Users:
    35. 

  35.     Type: AWS::IAM::UserToGroupAddition
    36. 

  36.     Properties:
    37. 

  37.       GroupName: !Ref 'CFNUserGroup'
    38. 

  38.       Users: [!Ref 'CFNUser']
    39. 

  39.   Admins:
    40. 

  40.     Type: AWS::IAM::UserToGroupAddition
    41. 

  41.     Properties:
    42. 

  42.       GroupName: !Ref 'CFNAdminGroup'
    43. 

  43.       Users: [!Ref 'CFNUser']
    44. 

  44.   CFNUserPolicies:
    45. 

  45.     Type: AWS::IAM::Policy
    46. 

  46.     Properties:
    47. 

  47.       PolicyName: CFNUsers
    48. 

  48.       PolicyDocument:
    49. 

  49.         Statement:
    50. 

  50.         - Effect: Allow
    51. 

  51.           Action: ['cloudformation:Describe*', 'cloudformation:List*', 'cloudformation:Get*']
    52. 

  52.           Resource: '*'
    53. 

  53.       Groups: [!Ref 'CFNUserGroup']
    54. 

  54.   CFNAdminPolicies:
    55. 

  55.     Type: AWS::IAM::Policy
    56. 

  56.     Properties:
    57. 

  57.       PolicyName: CFNAdmins
    58. 

  58.       PolicyDocument:
    59. 

  59.         Statement:
    60. 

  60.         - Effect: Allow
    61. 

  61.           Action: cloudformation:*
    62. 

  62.           Resource: '*'
    63. 

  63.       Groups: [!Ref 'CFNAdminGroup']
    64. 

  64.   CFNKeys:
    65. 

  65.     Type: AWS::IAM::AccessKey
    66. 

  66.     Properties:
    67. 

  67.       UserName: !Ref 'CFNUser'
    68. 

  68. Outputs:
    69. 

  69.   AccessKey:
    70. 

  70.     Value: !Ref 'CFNKeys'
    71. 

  71.     Description: AWSAccessKeyId of new user
    72. 

  72.   SecretKey:
    73. 

  73.     Value: !GetAtt [CFNKeys, SecretAccessKey]
    74. 

  74.     Description: AWSSecretAccessKey of new user
    75.