@nivleshc
Last active May 31, 2018 17:28
The roles and policies used to access the S3 bucket when deploying Active Directory Domain Services using CloudFormation
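# Fragment of the template's Resources section. S3BucketName is referenced
# with !Ref and must be defined elsewhere in the template.

# Instance profile that attaches HostRole to the EC2 instances.
Profile:
  Type: 'AWS::IAM::InstanceProfile'
  Properties:
    Roles:
      - !Ref HostRole
    Path: /
    InstanceProfileName: !Join
      - ''
      - - 'instance-profile-'
        - !Ref S3BucketName

# Role the instances assume; its inline policy is read-only and scoped to one bucket.
HostRole:
  Type: 'AWS::IAM::Role'
  Properties:
    RoleName: !Join
      - ''
      - - 'role-s3-read-'
        - !Ref S3BucketName
    Policies:
      - PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Only s3:GetObject on objects in this bucket. s3:ListBucket is not
            # granted, so the instance cannot enumerate the bucket and must
            # know each object key.
            - Action:
                - 's3:GetObject'
              Resource: !Join
                - ''
                - - 'arn:aws:s3:::'
                  - !Ref S3BucketName
                  - '/*'
              Effect: Allow
        PolicyName: s3-policy-read
    Path: /
    # Trust policy: only the EC2 service may assume this role.
    AssumeRolePolicyDocument:
      Statement:
        - Action:
            - 'sts:AssumeRole'
          Principal:
            Service:
              - ec2.amazonaws.com
          Effect: Allow
      Version: '2012-10-17'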