Last active
March 28, 2019 16:25
-
-
Save dmennis/ab999a2c56f3f0d4168e47524d9a7dd2 to your computer and use it in GitHub Desktop.
A CloudFormation template to create an Amplify IAM user, inline IAM policy, and credentials (key/secret) to be used with the Amplify CLI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: "This template is used by the master organizations account to provision a new IAM User, assign an IAM Policy, and get credentials to build apps using AWS Amplify" | |
| Resources: | |
| # This will create a new IAM User with enough privileges for an AWS Amplify developer to build cloud-enabled apps using the Amplify CLI, Amplify Console, AppSync, APIGW, Lambda, Pinpoint, and DynamoDB | |
| AWSAmplifyDeveloperIAMUser: | |
| Type: "AWS::IAM::User" | |
| Properties: | |
| LoginProfile: | |
| Password: "AmplifyH@ck$" | |
| PasswordResetRequired: false | |
| UserName: "AWSAmplifyDeveloperIAMUser" | |
| Policies: | |
| - PolicyName: AWSAmplifyDeveloperIAMPolicy | |
| PolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: | |
| - "apigateway:*" | |
| - "amplify:*" | |
| - "appsync:*" | |
| - "cloud9:*" | |
| - "logs:*" | |
| - "cognito-identity:*" | |
| - "cognito-idp:*" | |
| - "devicefarm:*" | |
| - "dynamodb:*" | |
| - "lambda:*" | |
| - "mobiletargeting:*" | |
| - "s3:*" | |
| - "cloudformation:*" | |
| - "iam:*" | |
| Resource: | |
| - "*" | |
| # Get access key and secret for IAM User: AWSAmplifyDeveloperIAMUser | |
| AWSAmplifyDeveloperIAMUserCreds: | |
| Type: AWS::IAM::AccessKey | |
| Properties: | |
| UserName: | |
| !Ref AWSAmplifyDeveloperIAMUser | |
| # Use these credentials from the CloudFormation Console Output and paste into Amplify CLI configuration | |
| Outputs: | |
| AmplifyIAMUserAccessKey: | |
| Value: !Ref AWSAmplifyDeveloperIAMUserCreds | |
| Description: "AWSAmplifyDeveloperIAMUser ACCESS KEY ID" | |
| AmplifyIAMUserSecretAccessKey: | |
| Value: !GetAtt AWSAmplifyDeveloperIAMUserCreds.SecretAccessKey | |
| Description: "AWSAmplifyDeveloperIAMUser SECRET KEY ID" | |
| AWSConsoleLoginURL: | |
| Value: | |
| !Sub 'https://${AWS::AccountId}.signin.aws.amazon.com/console' | |
| Description: "Use this URL to log into your account via the AWS Management Console for IAM user: AWSAmplifyDeveloperIAMUser" | |
| AWSConsolePassword: | |
| Value: "AmplifyH@ck$" | |
| Description: "Password for IAM User: AWSAmplifyDeveloperIAMUser for the AWS Management Console" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment