
AWS CloudFormationでIAMを管理する

所要時間: 約 1分

ポリシー

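  ExamplePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      # Customer-managed policy; it is attached to ExampleGroup below.
      PolicyDocument:
        # Quoted so generic YAML tooling (cfn-lint, PyYAML) keeps this a
        # string instead of parsing it as a date.
        Version: "2012-10-17"
        Statement:
          - Sid: Stmt01
            Effect: Allow
            Action:
              # "s3:ListObject" is not an IAM action and grants nothing;
              # listing the objects of a bucket is s3:ListBucket.
              - s3:ListBucket
            # NOTE(review): "*" allows listing every bucket in the account;
            # scope this to the specific bucket ARN(s) where possible.
            Resource:
              - "*"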

グループ

  ExampleGroup:
    Type: AWS::IAM::Group
    Properties:
      # Fixed, stack-derived group name. Explicit IAM names require
      # CAPABILITY_NAMED_IAM when the stack is created or updated.
      GroupName:
        Fn::Sub: "${AWS::StackName}-testing"
      # Ref on an AWS::IAM::ManagedPolicy resolves to the policy ARN.
      ManagedPolicyArns:
        - Ref: ExamplePolicy

ユーザ

  ExampleUser:
    Type: AWS::IAM::User
    Properties:
      # Fixed, stack-derived user name; requires CAPABILITY_NAMED_IAM.
      # NOTE(review): IAM users carry long-lived credentials -- for anything
      # beyond a test stack, prefer roles (or IAM Identity Center) over users.
      UserName:
        Fn::Sub: "${AWS::StackName}-testing"
      # Membership is the only way this user receives permissions here.
      Groups:
        - Ref: ExampleGroup

ロール

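  ExampleRole:
    Type: AWS::IAM::Role
    Properties:
      # Fixed, stack-derived role name; requires CAPABILITY_NAMED_IAM.
      RoleName: !Sub ${AWS::StackName}-testing
      ManagedPolicyArns:
        # The parameter is declared as AdminAccessPolicyARN; !Ref is
        # case-sensitive, so "AdminAccessPolicyArn" fails template validation.
        # Its default is AdministratorAccess: every EC2 instance that assumes
        # this role gets full account access via instance-metadata
        # credentials. Narrow it for anything other than a throwaway stack.
        - !Ref AdminAccessPolicyARN
      AssumeRolePolicyDocument:
        # Quoted so generic YAML tooling keeps this a string, not a date.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            # Any EC2 instance in the account may assume this role; EC2 can
            # only do so through an AWS::IAM::InstanceProfile, which this
            # template does not define.
            Principal:
              Service:
                - ec2.amazonaws.com
            # Action must be a sibling of Principal. Nested under Principal
            # (as in the original) the statement has no Action and IAM
            # rejects the trust policy as malformed.
            Action:
              - sts:AssumeRole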

全体

Parameters:

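  AdminAccessPolicyARN:
    # ARN of the managed policy attached to ExampleRole (referenced as
    # !Ref AdminAccessPolicyARN -- the name is case-sensitive). The default
    # is the AWS-managed AdministratorAccess policy, i.e. full account access
    # for anything that can assume the role.
    Description: ARN of the managed policy to attach to ExampleRole (default is AdministratorAccess).
    Type: String
    Default: arn:aws:iam::aws:policy/AdministratorAccess
    # Reject values that are not an IAM policy ARN (AWS-managed or
    # account-owned, any partition) before the stack tries to attach them.
    AllowedPattern: "^arn:aws(-[a-z]+)*:iam::(aws|[0-9]{12}):policy/.+$"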

Resources:
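  ExamplePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      # Customer-managed policy; it is attached to ExampleGroup below.
      PolicyDocument:
        # Quoted so generic YAML tooling (cfn-lint, PyYAML) keeps this a
        # string instead of parsing it as a date.
        Version: "2012-10-17"
        Statement:
          - Sid: Stmt01
            Effect: Allow
            Action:
              # "s3:ListObject" is not an IAM action and grants nothing;
              # listing the objects of a bucket is s3:ListBucket.
              - s3:ListBucket
            # NOTE(review): "*" allows listing every bucket in the account;
            # scope this to the specific bucket ARN(s) where possible.
            Resource:
              - "*"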

  ExampleGroup:
    Type: AWS::IAM::Group
    Properties:
      # Fixed, stack-derived group name. Explicit IAM names require
      # CAPABILITY_NAMED_IAM when the stack is created or updated.
      GroupName:
        Fn::Sub: "${AWS::StackName}-testing"
      # Ref on an AWS::IAM::ManagedPolicy resolves to the policy ARN.
      ManagedPolicyArns:
        - Ref: ExamplePolicy

  ExampleUser:
    Type: AWS::IAM::User
    Properties:
      # Fixed, stack-derived user name; requires CAPABILITY_NAMED_IAM.
      # NOTE(review): IAM users carry long-lived credentials -- for anything
      # beyond a test stack, prefer roles (or IAM Identity Center) over users.
      UserName:
        Fn::Sub: "${AWS::StackName}-testing"
      # Membership is the only way this user receives permissions here.
      Groups:
        - Ref: ExampleGroup

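  ExampleRole:
    Type: AWS::IAM::Role
    Properties:
      # Fixed, stack-derived role name; requires CAPABILITY_NAMED_IAM.
      RoleName: !Sub ${AWS::StackName}-testing
      ManagedPolicyArns:
        # The parameter is declared as AdminAccessPolicyARN; !Ref is
        # case-sensitive, so "AdminAccessPolicyArn" fails template validation.
        # Its default is AdministratorAccess: every EC2 instance that assumes
        # this role gets full account access via instance-metadata
        # credentials. Narrow it for anything other than a throwaway stack.
        - !Ref AdminAccessPolicyARN
      AssumeRolePolicyDocument:
        # Quoted so generic YAML tooling keeps this a string, not a date.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            # Any EC2 instance in the account may assume this role; EC2 can
            # only do so through an AWS::IAM::InstanceProfile, which this
            # template does not define.
            Principal:
              Service:
                - ec2.amazonaws.com
            # Action must be a sibling of Principal. Nested under Principal
            # (as in the original) the statement has no Action and IAM
            # rejects the trust policy as malformed.
            Action:
              - sts:AssumeRole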
up.yml
Resources:

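  TemporaryBucket:
    Type: AWS::S3::Bucket
    Properties:
      # The original "AccessControl: AuthenticatedRead" canned ACL grants READ
      # to the AuthenticatedUsers group -- every AWS account, not just this
      # one -- so the bucket contents were readable by any AWS principal.
      # Keep the bucket private: disable ACLs entirely and block public access.
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true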
down.yml