AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
Description: 'AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample
  template showing how to create IAM users, groups and policies. It creates a single
  user that is a member of a users group and an admin group. The groups each have
  different IAM policies associated with them. Note: This example also creates an
  AWSAccessKeyId/AWSSecretKey pair associated with the new user. The example is somewhat
  contrived since it creates all of the users and groups; typically you would be creating
  policies, users and/or groups that contain references to existing users or groups
  in your environment. Note that you will need to specify the CAPABILITY_IAM flag
  when you create the stack to allow this template to execute. You can do this through
  the AWS management console by clicking on the check box acknowledging that you understand
  this template creates IAM resources or by specifying the CAPABILITY_IAM flag to
  the cfn-create-stack command line tool or CreateStack API call.'
Parameters:
  Password:
    # NoEcho masks the value in console/API output of the stack parameters.
    NoEcho: 'true'
    Type: String
    Description: New account password
    MinLength: '1'
    MaxLength: '41'
    ConstraintDescription: the password must be between 1 and 41 characters
Resources:
  CFNUser:
    Type: AWS::IAM::User
    Properties:
      # Console login is enabled with the password supplied as a parameter.
      LoginProfile:
        Password: !Ref 'Password'
  CFNUserGroup:
    Type: AWS::IAM::Group
  CFNAdminGroup:
    Type: AWS::IAM::Group
  # The single user is added to both groups, so it receives the union of both policies.
  Users:
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName: !Ref 'CFNUserGroup'
      Users: [!Ref 'CFNUser']
  Admins:
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName: !Ref 'CFNAdminGroup'
      Users: [!Ref 'CFNUser']
  # Read-only CloudFormation permissions for the users group.
  CFNUserPolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: CFNUsers
      PolicyDocument:
        Statement:
        - Effect: Allow
          Action: ['cloudformation:Describe*', 'cloudformation:List*', 'cloudformation:Get*']
          Resource: '*'
      Groups: [!Ref 'CFNUserGroup']
  # Full CloudFormation permissions for the admin group.
  CFNAdminPolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: CFNAdmins
      PolicyDocument:
        Statement:
        - Effect: Allow
          Action: cloudformation:*
          Resource: '*'
      Groups: [!Ref 'CFNAdminGroup']
  # Programmatic (API) access key for the new user, in addition to the console password.
  CFNKeys:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref 'CFNUser'
# Stack outputs are returned in plain text to anyone permitted to describe the stack,
# so the secret key below is visible in the console, CLI and API once the stack is created.
Outputs:
  AccessKey:
    Value: !Ref 'CFNKeys'
    Description: AWSAccessKeyId of new user
  SecretKey:
    Value: !GetAtt [CFNKeys, SecretAccessKey]
    Description: AWSSecretAccessKey of new user