@tvon

tvon/aws-bootstrap.rb

Last active Aug 29, 2015
require 'aws'
require 'json'
# Set the following environment variables:
#
# PROJECT_NAME=""
# AWS_ACCESS_KEY_ID=""
# AWS_SECRET_ACCESS_KEY=""
#
# If so desired:
# AWS_REGION='us-west-2'
#
# For PROJECT_NAME="example" this creates the example-staging and example-production buckets
# as well as the example-staging and example-production users, each having read/write access to
# its like-named bucket.
#
# Credentials are generated and printed to stdout.
#
# Bootstrap per-environment S3 buckets and IAM users for one project.
#
# Reads PROJECT_NAME (default "example"), then for every environment suffix
# below: creates the "<project>-<suffix>" bucket and IAM user if they do not
# already exist, attaches an inline policy granting that user every S3 action
# on its own bucket, and prints freshly created access keys to stdout.
project = ENV['PROJECT_NAME'] || 'example'
puts "Bootstrapping AWS for #{project}"

# NOTE: besides staging/production this also provisions two person-named
# environments ("tom", "ara"); trim the list for your own project.
suffixes = %w[staging production tom ara]
environments = suffixes.map { |suffix| "#{project}-#{suffix}" }

# --- Buckets: create only the ones missing from the account -----------------
s3 = AWS::S3.new
existing_buckets = s3.buckets.map(&:name)
(environments - existing_buckets).each do |bucket_name|
  puts "Creating bucket: #{bucket_name}"
  s3.buckets.create(bucket_name)
end

# --- Users: same idempotent pattern as for buckets --------------------------
iam = AWS::IAM.new
existing_users = iam.users.map(&:name)
(environments - existing_users).each do |user_name|
  puts "Creating user: #{user_name}"
  iam.users.create(user_name)
end

# --- Policies and credentials -----------------------------------------------
environments.each do |env|
  user = iam.users[env]

  # Inline policy scoped to the like-named bucket and the objects inside it.
  # The action is "s3:*", so beyond object read/write it also permits
  # bucket-level administration (e.g. deleting the bucket or rewriting its
  # policy/ACL); narrow the action list if the user only needs object access.
  # An OO alternative to this raw hash exists via AWS::IAM::Policy.
  bucket_arn = "arn:aws:s3:::#{env}"
  policy = {
    'Version' => '2012-10-17',
    'Statement' => [
      {
        'Effect' => 'Allow',
        'Action' => 's3:*',
        'Resource' => [bucket_arn, "#{bucket_arn}/*"]
      }
    ]
  }
  puts "Assigning read/write policy for #{env} bucket to #{env} user"
  user.policies['ReadWriteBuckets'] = policy

  # Do not mint a second access key for a user that already holds one.
  if user.access_keys.first
    puts "#{env} already has credentials"
    next
  end

  # The new secret is echoed to stdout in shell-export form; treat the
  # terminal scrollback and any captured output as sensitive material.
  key = user.access_keys.create
  puts "#{env} credentials:"
  puts %{AWS_ACCESS_KEY_ID="#{key.credentials[:access_key_id]}"}
  puts %{AWS_SECRET_ACCESS_KEY="#{key.credentials[:secret_access_key]}"}
end
@oestrich oestrich commented May 8, 2014

Users can't list their buckets with this policy. It might be worth adding:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    }
  ]
}