🔥
memo
abac
PrincipalTagじゃないと機能しないので注意
//create iam role: switch role for manager
const iamRoleCdkDeploy = new iam.Role(this, 'iamRoleCdkDeploy', {
roleName: 'pan-iam-role-switch-cdk-deploy-all',
assumedBy: new iam.PrincipalWithConditions(
new iam.AccountRootPrincipal(), // AWS アカウント全体を指定
{
'StringEquals': {
'aws:PrincipalTag/CdkDeploy': 'Enable' // タグ制御
}
}
),
});
#!/bin/bash
output_file="output.csv"
temp_file="temp_output.csv"
echo "Name, Alarm Arn" > "${temp_file}"
for file in $(\find ./alarms/*.eml); do
alarm_name=$(grep "^- Name:" "${file}" | sed 's/^- Name:\s*//' | tr -d '\r')
echo "$alarm_name"
alarm_arn=$(grep "^- Alarm Arn:" "${file}" | sed 's/^- Alarm Arn:\s*//')
echo "${alarm_arn}"
if [[ -n $alarm_name && -n $alarm_arn ]]; then
echo "$alarm_name, $alarm_arn" >> "${temp_file}"
fi
done
sort "${temp_file}" | uniq > "${output_file}"
# shellcheck disable=SC1079
rm "${temp_file}"
echo "CSVファイルができたよ"
Discussion