
Creating an IAM user with AWS CloudFormation

Published 2022/10/07

This CloudFormation template creates an IAM user named Hoge and registers its access key ID and secret access key in Secrets Manager under the name Hoge-credentials.
The user's permissions are for the Systems Manager Parameter Store (ssm:PutParameter and ssm:GetParameters).

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  # The IAM user itself. !Ref on this resource returns the user name (Hoge).
  UserDefine:
    Type: AWS::IAM::User
    Properties:
      Path: /
      UserName: Hoge

  # Inline policy attached to the user: write and read access to Parameter Store.
  # Resource "*" covers every parameter in the account; when the parameters the user
  # needs live under a known path, restrict this to their ARNs instead.
  PolicyDefine:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: "HogePolicy"
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - "ssm:PutParameter"
              - "ssm:GetParameters"
            Resource:
              - "*"
      Users:
        - !Ref UserDefine

  # Access key for the user. !Ref returns the access key ID; the secret part is
  # only obtainable through !GetAtt UserAccessKey.SecretAccessKey.
  UserAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref UserDefine

  # Secret named Hoge-credentials holding both halves of the key pair as JSON,
  # so the secret never has to be copied out of the stack outputs by hand.
  UserAccessKeySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub ${UserDefine}-credentials
      SecretString: !Sub "{\"accessKeyId\":\"${UserAccessKey}\",\"secretAccessKey\":\"${UserAccessKey.SecretAccessKey}\"}"
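
As an added example that is not part of the original post: a small Python checker, standard library only, that scans the template above (embedded here in its JSON form, which CloudFormation accepts just like YAML; `!Ref` becomes `{"Ref": ...}` and `!Sub` becomes `{"Fn::Sub": ...}`) for Allow statements whose Resource is `"*"`, and shows what the same policy looks like once scoped to a Parameter Store path. The path `/hoge/*`, the function names and the finding format are assumptions chosen for illustration; the SSM parameter ARN layout and the `AWS::Partition`/`AWS::Region`/`AWS::AccountId` pseudo parameters are real CloudFormation features.

```python
import copy
import json

# Constructed JSON form of the post's template (same resources, JSON syntax).
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "UserDefine": {
            "Type": "AWS::IAM::User",
            "Properties": {"Path": "/", "UserName": "Hoge"},
        },
        "PolicyDefine": {
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": "HogePolicy",
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": ["ssm:PutParameter", "ssm:GetParameters"],
                            "Resource": ["*"],
                        }
                    ],
                },
                "Users": [{"Ref": "UserDefine"}],
            },
        },
        "UserAccessKey": {
            "Type": "AWS::IAM::AccessKey",
            "Properties": {"UserName": {"Ref": "UserDefine"}},
        },
        "UserAccessKeySecret": {
            "Type": "AWS::SecretsManager::Secret",
            "Properties": {
                "Name": {"Fn::Sub": "${UserDefine}-credentials"},
                "SecretString": {
                    "Fn::Sub": "{\"accessKeyId\":\"${UserAccessKey}\","
                               "\"secretAccessKey\":\"${UserAccessKey.SecretAccessKey}\"}"
                },
            },
        },
    },
}

# Resource types that carry an IAM PolicyDocument we want to inspect.
POLICY_TYPES = {"AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}


def _as_list(value):
    """IAM allows Statement/Action/Resource to be a single value or a list."""
    return value if isinstance(value, list) else [value]


def is_wildcard_resource(resource) -> bool:
    """True when the Resource entry is a bare '*' (plain string or inside Fn::Sub)."""
    if isinstance(resource, dict) and "Fn::Sub" in resource:
        sub = resource["Fn::Sub"]
        resource = sub[0] if isinstance(sub, list) else sub
    return resource == "*"


def find_wildcard_statements(template: dict) -> list:
    """Return one finding per Allow statement in an IAM policy whose Resource is '*'."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in POLICY_TYPES:
            continue
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        for idx, stmt in enumerate(_as_list(doc.get("Statement", []))):
            if stmt.get("Effect") != "Allow":
                continue
            if any(is_wildcard_resource(r) for r in _as_list(stmt.get("Resource", []))):
                findings.append({
                    "resource": logical_id,
                    "statement": idx,
                    "actions": _as_list(stmt.get("Action", [])),
                })
    return findings


def scope_to_parameter_path(template: dict, logical_id: str, path_prefix: str) -> dict:
    """Copy the template and replace the named policy's wildcard Resource with an
    SSM parameter ARN under path_prefix (hypothetical prefix supplied by the caller).
    The original template object is left untouched."""
    scoped = copy.deepcopy(template)
    doc = scoped["Resources"][logical_id]["Properties"]["PolicyDocument"]
    arn = ("arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter"
           + path_prefix)
    for stmt in _as_list(doc["Statement"]):
        if any(is_wildcard_resource(r) for r in _as_list(stmt.get("Resource", []))):
            stmt["Resource"] = [{"Fn::Sub": arn}]
    return scoped


if __name__ == "__main__":
    for f in find_wildcard_statements(TEMPLATE):
        print(f"{f['resource']} statement {f['statement']}: Resource '*' grants "
              f"{', '.join(f['actions'])} on every parameter in the account")
    fixed = scope_to_parameter_path(TEMPLATE, "PolicyDefine", "/hoge/*")
    print(json.dumps(fixed["Resources"]["PolicyDefine"]["Properties"]["PolicyDocument"], indent=2))
```

Running the script flags PolicyDefine and then prints the same policy with `Resource` replaced by `arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/hoge/*`, which limits the user to parameters under `/hoge/` while keeping the two actions from the post. The checker deliberately treats a single-value `Statement`/`Action`/`Resource` the same as a list, since IAM accepts both forms and a linter that only handles the list form silently misses the other.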

References

AWS::IAM::User
AWS::IAM::Policy
Issuing an IAM access key and storing it in Secrets Manager with CloudFormation
