Amazon Web Services Bootcamp

AWS CloudFormation

To create a group, we need to use the AWS::IAM::Group type as shown here:

"Developer": {
    "Type": "AWS::IAM::Group",
    "Properties": {
        "GroupName": "Developer",
        "ManagedPolicyArns": [{
            "Ref": "AmazonS3FullAccess"
        }],
        "Path": "/",
        "Policies": [{
            "PolicyName": "S3FullAccessOnMyBucket2",
            "PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{
                    "Effect": "Allow",
                    "Action": [
                        "s3:*"
                    ],
                    "Resource": "arn:aws:s3:::my-bucket-2"
                }]
            }
        }]
    }
}

The preceding CloudFormation snippet creates a group with the customer-managed policy referenced by the logical ID AmazonS3FullAccess attached (the Ref resolves only if a resource or parameter with that logical ID exists elsewhere in the template) and an inline policy scoped to the S3 bucket my-bucket-2.
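Before deploying a template like this, a practitioner will want to check that every Ref resolves and that the policy statements are as narrow as intended. The following Python script is an added example, not code from the book: it wraps the Developer group in a complete template, assumes an AWS::IAM::ManagedPolicy resource with the logical ID AmazonS3FullAccess (the book does not show that resource, so its contents are constructed here), and lints every managed and inline policy document. It also shows the scoped replacement for s3:* on a bare bucket ARN, since that form grants bucket-level calls only and object-level actions require the arn:aws:s3:::bucket/* resource.

```python
"""Assemble a full CloudFormation template around the Developer group and lint
its IAM policy documents for least-privilege problems before deployment."""
import json
from copy import deepcopy

# Constructed template, not from the book. The AWS::IAM::ManagedPolicy resource
# named AmazonS3FullAccess is an assumption: the group's {"Ref": "AmazonS3FullAccess"}
# only resolves if a resource or parameter with that logical ID is in the template.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "AmazonS3FullAccess": {
            "Type": "AWS::IAM::ManagedPolicy",
            "Properties": {"PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}},
        },
        "Developer": {
            "Type": "AWS::IAM::Group",
            "Properties": {
                "GroupName": "Developer",
                "ManagedPolicyArns": [{"Ref": "AmazonS3FullAccess"}],
                "Path": "/",
                "Policies": [{
                    "PolicyName": "S3FullAccessOnMyBucket2",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow", "Action": ["s3:*"],
                                       "Resource": "arn:aws:s3:::my-bucket-2"}]}}],
            },
        },
    },
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unresolved_refs(template):
    """Return Ref targets that match no Resource or Parameter logical ID."""
    known = set(template.get("Resources", {})) | set(template.get("Parameters", {}))
    missing = set()

    def walk(node):
        if isinstance(node, dict):
            target = node.get("Ref")
            if set(node) == {"Ref"} and isinstance(target, str):
                if target not in known and not target.startswith("AWS::"):
                    missing.add(target)
            for child in node.values():
                walk(child)
        elif isinstance(node, list):
            for child in node:
                walk(child)

    walk(template)
    return sorted(missing)


def iter_policy_documents(template):
    """Yield (logical_id, policy_name, document) for managed and inline policies."""
    for lid, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::IAM::ManagedPolicy":
            yield lid, lid, props["PolicyDocument"]
        for inline in props.get("Policies", []):
            yield lid, inline["PolicyName"], inline["PolicyDocument"]


def lint_statement(stmt):
    """Flag wildcard grants and S3 bucket ARNs that silently omit object access."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    for action in actions:
        if action == "*" or action.endswith(":*"):
            findings.append(f"wildcard action {action}")
    # s3:* or any s3:*Object action on a bare bucket ARN: object-level calls such as
    # GetObject/PutObject are only granted on the arn:aws:s3:::bucket/* resource.
    object_actions = any(a == "s3:*" or "Object" in a for a in actions)
    for res in resources:
        if res == "*":
            findings.append("resource *")
        elif (res.startswith("arn:aws:s3:::") and "/" not in res
              and res + "/*" not in resources and object_actions):
            findings.append(f"bucket ARN {res} without {res}/*: object actions not granted")
    return findings


def lint_template(template):
    """Map '<logical id>/<policy>[<statement index>]' to its findings."""
    report = {}
    for lid, name, doc in iter_policy_documents(template):
        for i, stmt in enumerate(_as_list(doc["Statement"])):
            for finding in lint_statement(stmt):
                report.setdefault(f"{lid}/{name}[{i}]", []).append(finding)
    return report


def scoped_bucket_statements(bucket):
    """Least-privilege replacement for s3:* on a bucket ARN: list on the bucket,
    object read/write/delete on its keys (an example scope, chosen here)."""
    arn = f"arn:aws:s3:::{bucket}"
    return [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": arn},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"{arn}/*"},
    ]


def tightened_template(template, bucket="my-bucket-2"):
    """Copy of the template with the Developer inline policy rewritten to the scoped form."""
    out = deepcopy(template)
    inline = out["Resources"]["Developer"]["Properties"]["Policies"][0]
    inline["PolicyDocument"]["Statement"] = scoped_bucket_statements(bucket)
    return out


if __name__ == "__main__":
    print("unresolved refs:", unresolved_refs(TEMPLATE))
    print(json.dumps(lint_template(TEMPLATE), indent=2))
    print(json.dumps(lint_template(tightened_template(TEMPLATE)), indent=2))
```

Run it as-is and the linter reports both the wildcard action and the bucket-only resource on the Developer inline policy; after tightened_template() only the constructed managed policy (s3:* on *) remains flagged. Dropping the AmazonS3FullAccess resource from the Resources map makes unresolved_refs() name it, which is the same dangling Ref that would otherwise surface as a stack creation error.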