iam_role
from aws_cdk import (
aws_iam as aws_iam,
aws_s3 as aws_s3,
core,
)
class IAMRole(core.Stack):
    """CDK stack that creates one S3 bucket and one EC2-assumable IAM role.

    The role carries the AWS-managed ``AdministratorAccess`` policy, an inline
    policy document named ``root`` and a separately attached ``Policy`` named
    ``cdk``.  Every statement defined here is ``Allow`` with ``s3:*`` (plus
    ``ec2:*`` in one case); two of them are scoped to ``*``, the other two to
    the bucket created in this stack.

    NOTE(review): because ``AdministratorAccess`` already grants every action
    on every resource, the inline and attached statements add no permission
    the role does not already have, and the ``resources=['*']`` statements
    make the bucket-scoped ones redundant.  Both the EC2 service and the
    account root principal may assume the role, for sessions of up to four
    hours.  Reviewers should confirm this breadth is intended before deploying
    outside a sandbox account.
    """

    def __init__(self, app: core.App, id: str) -> None:
        """Build the bucket, the role and the attached policy.

        Args:
            app: The CDK app (scope) this stack belongs to.
            id: The construct id of the stack.
        """
        super().__init__(app, id)

        def allow_s3(resources, extra_actions=()):
            # Every statement in this stack is an Allow starting with 's3:*';
            # only the resource scope (and, once, an extra action) differs.
            return aws_iam.PolicyStatement(
                effect=aws_iam.Effect.ALLOW,
                actions=['s3:*', *extra_actions],
                resources=list(resources),
            )

        data_bucket = aws_s3.Bucket(self, "bucket")

        # Who may call sts:AssumeRole on this role: EC2 instances (via an
        # instance profile) and the account root principal.
        trust = aws_iam.CompositePrincipal(
            aws_iam.ServicePrincipal('ec2.amazonaws.com'),
            aws_iam.AccountRootPrincipal(),
        )

        # Inline document: one unscoped s3:* grant and one scoped to the bucket.
        inline_doc = aws_iam.PolicyDocument(
            statements=[
                allow_s3(['*']),
                allow_s3([data_bucket.bucket_arn]),
            ]
        )

        ec2_role = aws_iam.Role(
            self, "cdkec2role",
            assumed_by=trust,
            max_session_duration=core.Duration.hours(4),
            # NOTE(review): full administrative access on top of the scoped
            # statements below.
            managed_policies=[
                aws_iam.ManagedPolicy.from_aws_managed_policy_name('AdministratorAccess')
            ],
            inline_policies={"root": inline_doc},
        )

        # A standalone (customer-managed) policy attached to the same role;
        # it mirrors the inline document and additionally allows ec2:* on the
        # bucket ARN.
        aws_iam.Policy(
            self, "rolepolicies",
            policy_name='cdk',
            statements=[
                allow_s3(['*']),
                allow_s3([data_bucket.bucket_arn], extra_actions=('ec2:*',)),
            ],
            roles=[ec2_role],
        )