IAM Template - TannerWeinacker/Capstone GitHub Wiki
---
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  IAMUser:
    Type: AWS::IAM::User
    Properties:
      # !Sub substitutes the name of the stack being created, which makes the username unique.
      UserName: !Sub '${AWS::StackName}-user'
      Policies:
        - PolicyName: !Sub '${AWS::StackName}-user-policy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'iam:CreateAccessKey'
                  - 'iam:ListAccessKeys'
                  - 'iam:GetUser'
                # The account ID will be defined by the organization member running this template.
                # Until then, '*' lets these actions target every IAM user in the account.
                Resource: '*'
              - Effect: Allow
                Action:
                  - 'iam:GetLoginProfile'
                  - 'iam:ListMFADevices'
                  - 'iam:ListSSHPublicKeys'
                  - 'iam:ListAttachedUserPolicies'
                  - 'iam:ListGroups'
                Resource: '*'
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-user'
  IAMAccessKey:
    Type: AWS::IAM::AccessKey
    # DependsOn is a property that specifies dependencies between resources in a template.
    # Here it refers back to the IAMUser defined above.
    DependsOn: IAMUser
    Properties:
      UserName: !Ref IAMUser
Outputs:
  IAMUserAccessKeyId:
    Description: The access key ID for the IAM user
    Value: !Ref IAMAccessKey
    Export:
      Name: !Sub '${AWS::StackName}-user-access-key-id'
  # Stack outputs and exports are shown in plaintext to anyone who can describe the stack,
  # so this output exposes the secret access key to those principals.
  IAMUserSecretAccessKey:
    Description: The secret access key for the IAM user
    Value: !GetAtt IAMAccessKey.SecretAccessKey
    Export:
      Name: !Sub '${AWS::StackName}-user-secret-access-key'

Some of these values, such as user-secret-access-key and other resources, will need to be defined.
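
A hardened variant of the template above, as an added example that is not part of the original wiki page or the Capstone project: the user-level actions are scoped to the stack's own user instead of `'*'`, and the secret access key goes into AWS Secrets Manager rather than a stack output. The resource name `IAMAccessKeySecret`, the secret name and the output `IAMUserAccessKeySecretArn` are assumptions introduced for this example, and the user is assumed to use the default path `/`.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  IAMUser:
    Type: AWS::IAM::User
    Properties:
      UserName: !Sub '${AWS::StackName}-user'
      Policies:
        - PolicyName: !Sub '${AWS::StackName}-user-policy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # These actions all accept a user ARN, so limit them to this user only.
              # The ARN is built with !Sub because a resource cannot !GetAtt itself.
              - Effect: Allow
                Action:
                  - 'iam:CreateAccessKey'
                  - 'iam:ListAccessKeys'
                  - 'iam:GetUser'
                  - 'iam:GetLoginProfile'
                  - 'iam:ListMFADevices'
                  - 'iam:ListSSHPublicKeys'
                  - 'iam:ListAttachedUserPolicies'
                Resource: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:user/${AWS::StackName}-user'
              # ListGroups is an account-level listing and does not take a user ARN.
              - Effect: Allow
                Action:
                  - 'iam:ListGroups'
                Resource: '*'
  IAMAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref IAMUser
  # Assumed addition: keep the key pair in Secrets Manager so that reading it
  # requires secretsmanager:GetSecretValue rather than cloudformation:DescribeStacks.
  IAMAccessKeySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub '${AWS::StackName}-user-access-key'
      SecretString: !Sub '{"AccessKeyId":"${IAMAccessKey}","SecretAccessKey":"${IAMAccessKey.SecretAccessKey}"}'
Outputs:
  IAMUserAccessKeyId:
    Description: The access key ID for the IAM user
    Value: !Ref IAMAccessKey
  IAMUserAccessKeySecretArn:
    Description: ARN of the Secrets Manager secret that holds the access key pair
    Value: !Ref IAMAccessKeySecret
```

With this layout the stack outputs carry only the key ID and the secret's ARN, so access to the secret value is governed by the Secrets Manager resource policy and IAM permissions on that secret.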