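Creating a user with AWS CloudFormation
This CloudFormation template creates the IAM user Hoge and registers its secret access key in Secrets Manager under the name Hoge-credentials.
The user's permissions cover the Systems Manager Parameter Store.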
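AWSTemplateFormatVersion: "2010-09-09"
Resources:
  # IAM user with a fixed name; the stack must be deployed with CAPABILITY_NAMED_IAM.
  UserDefine:
    Type: AWS::IAM::User
    Properties:
      Path: /
      UserName: Hoge
  # Inline policy attached to the user: write and read access to Parameter Store.
  PolicyDefine:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: "HogePolicy"
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - "ssm:PutParameter"
              - "ssm:GetParameters"
            # "*" covers every parameter in the account and region.
            Resource:
              - "*"
      Users:
        - !Ref UserDefine
  # Long-lived access key for the user.
  UserAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref UserDefine
  # Stores the key pair as JSON; !Ref on the access key returns the access key ID.
  UserAccessKeySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub ${UserDefine}-credentials
      SecretString: !Sub "{\"accessKeyId\":\"${UserAccessKey}\",\"secretAccessKey\":\"${UserAccessKey.SecretAccessKey}\"}"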
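The policy above allows the two SSM actions on every parameter. As an added example (not part of the original page), this replacement for the PolicyDefine resource scopes the same actions to one parameter path; the /hoge/ prefix is an assumption and should be the prefix the application actually owns.

```yaml
Resources:
  PolicyDefine:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: "HogePolicy"
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - "ssm:PutParameter"
              - "ssm:GetParameters"
            Resource:
              # Assumed prefix: only parameters named /hoge/... are reachable.
              # A parameter named /hoge/db-url has the ARN suffix parameter/hoge/db-url.
              - !Sub "arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/hoge/*"
      Users:
        - !Ref UserDefine
```

With this statement, a leaked copy of the access key stored in Hoge-credentials can read or overwrite only parameters under the assumed prefix rather than every parameter in the account.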
References
AWS::IAM::User
AWS::IAM::Policy
Issuing an IAM access key with CloudFormation and storing it in Secrets Manager