AWSTemplateFormatVersion: 2010-09-09
Description: Create an IAM user that can only access the S3 bucket

# validate
#   aws cloudformation validate-template --template-body file://template.yml
# create stack
#   aws cloudformation create-stack --stack-name S3IAMUser --template-body file://template.yml --capabilities CAPABILITY_NAMED_IAM
# create changeset
#   aws cloudformation create-change-set --stack-name S3IAMUser --template-body file://template.yml --change-set-name S3IAMUser-changeset --capabilities CAPABILITY_NAMED_IAM
# delete stack
#   aws cloudformation delete-stack --stack-name S3IAMUser

Parameters:
  iamUserName:
    Type: String
    Default: "myknee-s3-user"

Resources:
  iamUser:
    Type: AWS::IAM::User
    Properties:
      UserName: !Ref iamUserName
      Path: /s3/
      LoginProfile:
        # Console password hardcoded in the template: anyone who can read the
        # template or the stack definition can read it. A NoEcho parameter or a
        # Secrets Manager dynamic reference keeps it out of the template body.
        Password: 8vZcLEccJK
        PasswordResetRequired: false
      Policies:
        - PolicyName: !Sub ${iamUserName}-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:Get*
                  - s3:Put*
                  - s3:DeleteBucket
                # Only the bucket ARN is listed, so the wildcards match
                # bucket-level actions (for example s3:PutBucketPolicy) but not
                # object actions such as s3:GetObject or s3:PutObject, which
                # need an object ARN like the commented-out entry below.
                Resource:
                  - !Sub "arn:aws:s3:::${iamUserName}-personal-bucket"
                  # - !Sub "arn:aws:s3:::${iamUserName}-personal-bucket/public/*"
  s3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName: !Sub ${iamUserName}-personal-bucket
      Tags:
        - Key: CREATED_AT
          Value: "2019-04-13"

Outputs:
  s3BucketArn:
    Value: !GetAtt [s3Bucket, Arn]