IAM users and groups

Creates multiple IAM users and groups with different policies.

1

Votes

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample template showing how to create IAM users, groups and policies. It creates a single user that is a member of a users group and an admin group. The groups each have different IAM policies associated with them. Note: This example also creates an AWSAccessKeyId/AWSSecretKey pair associated with the new user. The example is somewhat contrived since it creates all of the users and groups, typically you would be creating policies, users and/or groups that contain referemces to existing users or groups in your environment. Note that you will need to specify the CAPABILITY_IAM flag when you create the stack to allow this template to execute. You can do this through the AWS management console by clicking on the check box acknowledging that you understand this template creates IAM resources or by specifying the CAPABILITY_IAM flag to the cfn-create-stack command line tool or CreateStack API call. ",

  "Parameters" : {
    "Password": {
      "NoEcho": "true",
      "Type": "String",
      "Description" : "New account password",
      "MinLength": "1",
      "MaxLength": "41",
      "ConstraintDescription" : "the password must be between 1 and 41 characters"
    }
  },

  "Resources" : {
    "CFNUser" : {
      "Type" : "AWS::IAM::User",
      "Properties" : {
        "LoginProfile": {
          "Password": { "Ref" : "Password" }
        }
      }
    },

    "CFNUserGroup" : {
      "Type" : "AWS::IAM::Group"
    },

    "CFNAdminGroup" : {
      "Type" : "AWS::IAM::Group"
    },

    "Users" : {
      "Type" : "AWS::IAM::UserToGroupAddition",
      "Properties" : {
        "GroupName": { "Ref" : "CFNUserGroup" },
        "Users" : [ { "Ref" : "CFNUser" } ]
      }
    },

    "Admins" : {
      "Type" : "AWS::IAM::UserToGroupAddition",
      "Properties" : {
        "GroupName": { "Ref" : "CFNAdminGroup" },
        "Users" : [ { "Ref" : "CFNUser" } ]
      }
    },

    "CFNUserPolicies" : {
      "Type" : "AWS::IAM::Policy",
      "Properties" : {
        "PolicyName" : "CFNUsers",
        "PolicyDocument" : {
          "Statement": [{
            "Effect"   : "Allow",
            "Action"   : [
              "cloudformation:Describe*",
              "cloudformation:List*",
              "cloudformation:Get*"
              ],
            "Resource" : "*"
          }]
        },
        "Groups" : [{ "Ref" : "CFNUserGroup" }]
      }
    },

    "CFNAdminPolicies" : {
      "Type" : "AWS::IAM::Policy",
      "Properties" : {
        "PolicyName" : "CFNAdmins",
        "PolicyDocument" : {
          "Statement": [{
            "Effect"   : "Allow",
            "Action"   : "cloudformation:*",
            "Resource" : "*"
          }]
        },
        "Groups" : [{ "Ref" : "CFNAdminGroup" }]
      }
    },

    "CFNKeys" : {
      "Type" : "AWS::IAM::AccessKey",
      "Properties" : {
        "UserName" : { "Ref": "CFNUser" }
      }
    }
  },

  "Outputs" : {
    "AccessKey" : {
      "Value" : { "Ref" : "CFNKeys" },
      "Description" : "AWSAccessKeyId of new user"
    },
    "SecretKey" : {
      "Value" : { "Fn::GetAtt" : ["CFNKeys", "SecretAccessKey"]},
      "Description" : "AWSSecretKey of new user"
    }
  }
}

Vote Here

You must earn at least 1 vote on your snippets to be allowed to vote

Terms Of Use

Privacy Policy

Featured snippets are MIT license

Gears & Masters

Advertise

DevOpsnipp.com © 2020

medium.png