CreateUser.yml
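AWSTemplateFormatVersion: "2010-09-09"
Description: "Developers Group And Users"

# This template creates IAM resources with explicit names (GroupName,
# ManagedPolicyName, UserName), so the stack has to be deployed with the
# CAPABILITY_NAMED_IAM acknowledgement.

Parameters:
  # Initial console password for the users created below. It used to be
  # inlined, in clear text, in every LoginProfile.
  # NOTE(review): the default is kept only so existing deployments keep
  # working without new inputs. It is readable by anyone who can read this
  # template, and every user starts with the same value. Pass a per-deployment
  # value, then drop the default; a secrets store reference is preferable to a
  # template parameter for anything longer-lived than a first-login password.
  InitialPassword:
    Type: "String"
    NoEcho: true
    Default: "CH@NgEM3!Please"
    Description: "Temporary console password; users must change it at first sign-in."

Resources:
  # Group that carries the permissions shared by all developer users.
  DevelopersGroup:
    Type: "AWS::IAM::Group"
    Properties:
      GroupName: "Developers"

  # EC2 limited-access policy attached to the Developers group.
  EC2LimitedAccessPolicy:
    Type: "AWS::IAM::ManagedPolicy"
    Properties:
      ManagedPolicyName: "EC2LimitedAccess"
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Allow developers to launch, start and stop EC2 instances, limited
          # to the listed instance types.
          # NOTE(review): ec2:InstanceType is a condition key of the instance
          # resource only. ec2:RunInstances is also authorized against the
          # image, subnet, volume, network interface and security group, where
          # the key is absent and StringEquals does not match. Confirm that a
          # launch is actually permitted; the usual pattern is one statement on
          # the instance ARN with this condition and a second, unconditioned
          # statement for the other resource types.
          - Effect: "Allow"
            Action:
              - "ec2:RunInstances"
              - "ec2:StartInstances"
              - "ec2:StopInstances"
            Resource: "*"
            Condition:
              StringEquals:
                # Each entry needs "- " (dash, space). Written as -"t2.small"
                # the two lines fold into one plain string and no instance
                # type ever matches.
                "ec2:InstanceType":
                  - "t2.small"
                  - "t2.medium"
          # Allow developers to maintain their own access keys and password.
          # The ARN renders to arn:aws:iam::<account-id>:user/${aws:username};
          # ${aws:username} is an IAM policy variable resolved per request, so
          # each user can only act on the IAM user of the same name.
          # NOTE(review): nothing here requires MFA before a key is created;
          # confirm that this matches the account's policy.
          - Effect: "Allow"
            Action:
              - "iam:*Accesskey*"
              - "iam:ChangePassword"
            Resource:
              Fn::Join:
                - ":"
                - - "arn:aws:iam:"
                  - !Ref "AWS::AccountId"
                  - "user/${aws:username}"
      # Ref returns the group name and makes CloudFormation create the group
      # before it attaches the policy; a literal name gives no such ordering.
      Groups:
        - !Ref DevelopersGroup

  # User creation. Every user gets a console login with a temporary password
  # that must be changed at first sign-in (PasswordResetRequired).
  UserAnusha:
    Type: "AWS::IAM::User"
    Properties:
      UserName: "Anusha"
      LoginProfile:
        Password: !Ref InitialPassword
        PasswordResetRequired: true
      Groups:
        - !Ref DevelopersGroup

  UserHarshitha:
    Type: "AWS::IAM::User"
    Properties:
      UserName: "Harshitha"
      LoginProfile:
        Password: !Ref InitialPassword
        PasswordResetRequired: true
      Groups:
        - !Ref DevelopersGroup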