fxaguessy

# Create policy allowing users to manage only their own virtual MFA devices
# cf. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html#creds-policies-mfa-console

mfaResource = "arn:aws:iam::" + {account.id} + ":mfa/${aws:username}"
userResource = "arn:aws:iam::" + {account.id} + ":user/${aws:username}"

policy = create policy name=ManageOwnMFADevice effect=allow action=[iam:CreateVirtualMFADevice,iam:EnableMFADevice,iam:ResyncMFADevice,iam:DeleteVirtualMFADevice] resource=$mfaResource,$userResource
update policy arn=$policy effect=allow action=iam:DeactivateMFADevice resource=[$mfaResource,$userResource] conditions="aws:MultiFactorAuthPresent==true"
update policy arn=$policy effect=allow action=[iam:ListMFADevices,iam:ListVirtualMFADevices,iam:ListUsers] resource=*

fxaguessy

# Filename: "wordpress-with-S3-plugin.aws"
# Template variables for userdata script
dbhost={dbhost}
dbpassword={dbpassword}
wordpressUrl={wordpress.url}
wordpressEmail={wordpress.email}
wordpressPassword={wordpress.password}
cloudfrontURL={cdn.URL}
dbuser=wordpress
dbname=wordpress

fxaguessy

Keybase proof

I hereby claim:

• I am fxaguessy on github.
• I am fxaguessy (https://keybase.io/fxaguessy) on keybase.
• I have a public key whose fingerprint is FE2E 61AD A934 08DC 9698 CF7E FAD5 824B EA9E AE53

To claim this, I am signing this object: