@t04glovern
Created June 9, 2019 12:38
IAM User - cloudformation - route53
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  # NoEcho masks the value in the console and in API responses for parameters only
  Password:
    NoEcho: 'true'
    Type: String
    Description: New account password
    MinLength: '1'
    MaxLength: '41'
    ConstraintDescription: the password must be between 1 and 41 characters
Resources:
  # IAM user with a console login profile
  Route53User:
    Type: AWS::IAM::User
    Properties:
      LoginProfile:
        Password: !Ref 'Password'
  # Group that carries the Route 53 permissions
  Route53AdminGroup:
    Type: AWS::IAM::Group
  Admins:
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName: !Ref 'Route53AdminGroup'
      Users: [!Ref 'Route53User']
  # Allows record changes in every hosted zone in the account
  Route53ChangePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: Route53Change
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: 'route53:ChangeResourceRecordSets'
            Resource: 'arn:aws:route53:::hostedzone/*'
      Groups: [!Ref 'Route53AdminGroup']
  # Read-only listing of hosted zones and their record sets
  Route53ListPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: Route53List
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: ['route53:ListHostedZones', 'route53:ListResourceRecordSets']
            Resource: '*'
      Groups: [!Ref 'Route53AdminGroup']
  # Long-lived access key for the user
  Route53Keys:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref 'Route53User'
Outputs:
  AccessKey:
    Value: !Ref 'Route53Keys'
    Description: AWSAccessKeyId of new user
  # Outputs are not masked: anyone who can describe the stack can read this secret
  SecretKey:
    Value: !GetAtt [Route53Keys, SecretAccessKey]
    Description: AWSSecretAccessKey of new user