@omenking
Created August 11, 2022 16:06
Env0 Assume Role
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
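  # Value the caller must supply as sts:ExternalId when assuming the role.
  # Override the default at deploy time with --parameter-overrides.
  ExternalId:
    Type: String
    Default: external-id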
Resources:
  AssumeRole:
    Type: AWS::IAM::Role
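    Properties:
      RoleName: Env0-AssumeRole
      Description: |
        Used by Env0 to automate the deployment of Infrastructure from a Version Control System
      # Trust policy: allows sts:AssumeRole from AWS account 913128560467
      # only when the request carries the matching sts:ExternalId.
      AssumeRolePolicyDocument: !Sub |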
        {"Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": "sts:AssumeRole",
                    "Principal": {
                        "AWS": "913128560467"
                    },
                    "Condition": {
                        "StringEquals": {
                            "sts:ExternalId": "${ExternalId}"
                        }
                    }
                }
            ]
        }
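      # AdministratorAccess gives any session on this role full access to the account.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess
      # Maximum session length in seconds (18000 s = 5 hours).
      MaxSessionDuration: 18000
      Tags: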
        - Key: Owner
          Value: Env0
Outputs:
  ExternalId:
    Value: !Ref ExternalId
    Description: "ExternalID for Env0"
  AssumeRoleArn:
    Value: !GetAtt AssumeRole.Arn

aws cloudformation deploy \
  --stack-name assume-role-env0 \
  --template-file ./assume-role-env0.yml \
  --capabilities CAPABILITY_NAMED_IAM \
  --parameter-overrides ExternalId=env0-43284