首頁 探索 說明
登入
LiuFan
/
PrivacyScanData
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 7f5c9939d1
分支列表 標籤列表
PrivacyScanD...
/
S3
/
new3
/
fractal-labs-main
/
cloudformations
/
1-iam-users.yml

1-iam-users.yml 2.5 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. AWSTemplateFormatVersion: '2010-09-09'
    2. 

  2. Metadata:
    3. 

  3.   License: Apache-2.0
    4. 

  4. Description: 'AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample
    5. 

  5.   template showing how to create IAM users, groups and policies. It creates a single
    6. 

  6.   user that is a member of a users group and an admin group. The groups each have
    7. 

  7.   different IAM policies associated with them. Note: This example also creates an
    8. 

  8.   AWSAccessKeyId/AWSSecretKey pair associated with the new user. The example is somewhat
    9. 

  9.   contrived since it creates all of the users and groups, typically you would be creating
    10. 

  10.   policies, users and/or groups that contain references to existing users or groups
    11. 

  11.   in your environment. Note that you will need to specify the CAPABILITY_IAM flag
    12. 

  12.   when you create the stack to allow this template to execute. You can do this through
    13. 

  13.   the AWS management console by clicking on the check box acknowledging that you understand
    14. 

  14.   this template creates IAM resources or by specifying the CAPABILITY_IAM flag to
    15. 

  15.   the cfn-create-stack command line tool or CreateStack API call.'
    16. 

  16. Parameters:
    17. 

  17.   Password:
    18. 

  18.     NoEcho: 'true'
    19. 

  19.     Type: String
    20. 

  20.     Description: New account password
    21. 

  21.     MinLength: '1'
    22. 

  22.     MaxLength: '41'
    23. 

  23.     ConstraintDescription: the password must be between 1 and 41 characters
    24. 

  24. Resources:
    25. 

  25.   CFNUser:
    26. 

  26.     Type: AWS::IAM::User
    27. 

  27.     Properties:
    28. 

  28.       LoginProfile:
    29. 

  29.         Password: !Ref 'Password'
    30. 

  30.   CFNUserGroup:
    31. 

  31.     Type: AWS::IAM::Group
    32. 

  32.   CFNAdminGroup:
    33. 

  33.     Type: AWS::IAM::Group
    34. 

  34.   Users:
    35. 

  35.     Type: AWS::IAM::UserToGroupAddition
    36. 

  36.     Properties:
    37. 

  37.       GroupName: !Ref 'CFNUserGroup'
    38. 

  38.       Users: [!Ref 'CFNUser']
    39. 

  39.   Admins:
    40. 

  40.     Type: AWS::IAM::UserToGroupAddition
    41. 

  41.     Properties:
    42. 

  42.       GroupName: !Ref 'CFNAdminGroup'
    43. 

  43.       Users: [!Ref 'CFNUser']
    44. 

  44.   CFNUserPolicies:
    45. 

  45.     Type: AWS::IAM::Policy
    46. 

  46.     Properties:
    47. 

  47.       PolicyName: CFNUsers
    48. 

  48.       PolicyDocument:
    49. 

  49.         Statement:
    50. 

  50.         - Effect: Allow
    51. 

  51.           Action: ['cloudformation:Describe*', 'cloudformation:List*', 'cloudformation:Get*']
    52. 

  52.           Resource: '*'
    53. 

  53.       Groups: [!Ref 'CFNUserGroup']
    54. 

  54.   CFNAdminPolicies:
    55. 

  55.     Type: AWS::IAM::Policy
    56. 

  56.     Properties:
    57. 

  57.       PolicyName: CFNAdmins
    58. 

  58.       PolicyDocument:
    59. 

  59.         Statement:
    60. 

  60.         - Effect: Allow
    61. 

  61.           Action: cloudformation:*
    62. 

  62.           Resource: '*'
    63. 

  63.       Groups: [!Ref 'CFNAdminGroup']
    64. 

  64.   CFNKeys:
    65. 

  65.     Type: AWS::IAM::AccessKey
    66. 

  66.     Properties:
    67. 

  67.       UserName: !Ref 'CFNUser'
    68. 

  68. Outputs:
    69. 

  69.   AccessKey:
    70. 

  70.     Value: !Ref 'CFNKeys'
    71. 

  71.     Description: AWSAccessKeyId of new user
    72. 

  72.   SecretKey:
    73. 

  73.     Value: !GetAtt [CFNKeys, SecretAccessKey]
    74. 

  74.     Description: AWSSecretAccessKey of new user
    75.