Last active May 31, 2018 17:28
The roles and policies used to access the S3 bucket when deploying Active Directory Domain Services using CloudFormation

# Instance profile that attaches HostRole to the EC2 instance.
# Both resources use explicit names, so the stack must be created
# with the CAPABILITY_NAMED_IAM capability.
Profile:
  Type: 'AWS::IAM::InstanceProfile'
  Properties:
    Roles:
      - !Ref HostRole
    Path: /
    InstanceProfileName: !Join
      - ''
      - - 'instance-profile-'
        - !Ref S3BucketName
HostRole:
  Type: 'AWS::IAM::Role'
  Properties:
    RoleName: !Join
      - ''
      - - 'role-s3-read-'
        - !Ref S3BucketName
    Policies:
      # Inline policy: read-only access to objects in the one bucket.
      # s3:ListBucket is not granted, so object keys must be known in advance.
      - PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Action:
                - 's3:GetObject'
              Resource: !Join
                - ''
                - - 'arn:aws:s3:::'
                  - !Ref S3BucketName
                  - '/*'
              Effect: Allow
        PolicyName: s3-policy-read
    Path: /
    # Trust policy: only the EC2 service may assume this role.
    AssumeRolePolicyDocument:
      Statement:
        - Action:
            - 'sts:AssumeRole'
          Principal:
            Service:
              - ec2.amazonaws.com
          Effect: Allow
      Version: 2012-10-17