Created January 11, 2018 23:57
CloudFormation template to create Security auditor role
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: This template creates a role that provides permissions to a specific account/iam user to access audit features
Parameters:
  UserARNS:
    Type: CommaDelimitedList
    # Placeholders only: IAM rejects a trust policy whose principals are not
    # valid ARNs, so this must be overridden when the stack is created.
    Default: "arn1,arn2,arn3"
    Description: "Provide a comma delimited list of ARNs for users that you want to assume the role. (arn:aws:iam::123456789012:user/testuser)"
Resources:
  SecurityAuditRole:
    Type: "AWS::IAM::Role"
    Properties:
      # Trust policy: only the listed user ARNs may call sts:AssumeRole.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Principal:
              AWS: !Ref UserARNS
            Action:
              - "sts:AssumeRole"
      Path: "/"
      RoleName: "SecurityTeamAudit"
      # AWS-managed read-only policy covering the security-relevant services.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/SecurityAudit
      Policies:
        -
          PolicyName: "SecurityAudit-CWL"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                # logs:* also grants write and delete actions (for example
                # DeleteLogGroup). A read-only audit role normally needs only
                # logs:Describe*, logs:Get* and logs:FilterLogEvents.
                Action: "logs:*"
                Effect: "Allow"
                Resource: "*"
```
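A reviewer of this template would want to check two things before deploying it: that the trust policy only names specific user or role ARNs (the parameter default is placeholders), and that the inline CloudWatch Logs policy is read-only rather than `logs:*`. The script below is an added example, not part of the gist; it carries the gist's template as Python data (with `!Ref` in its long form because no YAML parser is used), applies both checks, and shows a hardened copy that passes them. The ARN `arn:aws:iam::123456789012:user/testuser` is the one from the parameter description, and the `hardened()` helper and the read-only action list are assumptions about what a reviewer would ask for.

```python
"""Least-privilege review of a CloudFormation IAM role (added example, not from the gist)."""
import copy
import re
from typing import Any

# A user or role ARN in the form the gist's parameter description asks for.
ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:(user|role)/[\w+=,.@/-]+$")
# Action verbs that only read state; an audit role should rarely need others.
READ_ONLY_VERBS = ("Describe", "Get", "List", "Filter", "Test")

# Constructed: the gist's template as Python data, {"Ref": ...} standing in for !Ref.
TEMPLATE: dict = {
    "Parameters": {"UserARNS": {"Type": "CommaDelimitedList", "Default": "arn1,arn2,arn3"}},
    "Resources": {"SecurityAuditRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Principal": {"AWS": {"Ref": "UserARNS"}},
                               "Action": ["sts:AssumeRole"]}],
            },
            "RoleName": "SecurityTeamAudit",
            "ManagedPolicyArns": ["arn:aws:iam::aws:policy/SecurityAudit"],
            "Policies": [{"PolicyName": "SecurityAudit-CWL",
                          "PolicyDocument": {"Version": "2012-10-17",
                                             "Statement": [{"Action": "logs:*", "Effect": "Allow",
                                                            "Resource": "*"}]}}],
        },
    }},
}


def as_list(value: Any) -> list:
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return [] if value is None else (list(value) if isinstance(value, list) else [value])


def resolve(value: Any, parameters: dict) -> Any:
    """Resolve {"Ref": Name} against a parameter default; CommaDelimitedList becomes a list."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        param = parameters[value["Ref"]]
        default = param.get("Default", "")
        if param.get("Type") == "CommaDelimitedList":
            return [s.strip() for s in default.split(",") if s.strip()]
        return default
    return value


def is_read_only(action: str) -> bool:
    verb = action.partition(":")[2]
    return action != "*" and verb != "*" and verb.startswith(READ_ONLY_VERBS)


def check_trust_policy(doc: dict, parameters: dict) -> list:
    findings = []
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS")
        for p in as_list(resolve(aws, parameters)):
            if p == "*":
                findings.append("trust policy allows any AWS principal to assume the role")
            elif not ARN_RE.match(p):
                findings.append(f"trust policy principal {p!r} is not a user/role ARN (placeholder left in?)")
        extra = [a for a in as_list(stmt.get("Action")) if a != "sts:AssumeRole"]
        if extra:
            findings.append(f"trust policy grants more than sts:AssumeRole: {extra}")
    return findings


def check_inline_policies(policies: list) -> list:
    findings = []
    for pol in policies:
        name = pol.get("PolicyName", "<unnamed>")
        for stmt in pol["PolicyDocument"].get("Statement", []):
            if stmt.get("Effect") != "Allow":
                continue
            actions, resources = as_list(stmt.get("Action")), as_list(stmt.get("Resource"))
            for a in actions:
                if a == "*" or a.endswith(":*"):
                    findings.append(f"{name}: wildcard action {a!r} also grants write and delete")
                elif not is_read_only(a):
                    findings.append(f"{name}: non-read-only action {a!r} on an audit role")
            if "*" in resources and not all(is_read_only(a) for a in actions):
                findings.append(f"{name}: Resource '*' combined with non-read-only actions")
    return findings


def review_role(template: dict, logical_id: str = "SecurityAuditRole") -> list:
    props = template["Resources"][logical_id]["Properties"]
    return (check_trust_policy(props["AssumeRolePolicyDocument"], template.get("Parameters", {}))
            + check_inline_policies(props.get("Policies", [])))


def hardened(template: dict) -> dict:
    """Copy with the two fixes a reviewer would ask for (assumed values, not from the gist)."""
    fixed = copy.deepcopy(template)
    fixed["Parameters"]["UserARNS"]["Default"] = "arn:aws:iam::123456789012:user/testuser"
    props = fixed["Resources"]["SecurityAuditRole"]["Properties"]
    props["Policies"][0]["PolicyDocument"]["Statement"] = [{
        "Effect": "Allow", "Resource": "*",
        "Action": ["logs:Describe*", "logs:Get*", "logs:FilterLogEvents", "logs:TestMetricFilter"]}]
    return fixed


if __name__ == "__main__":
    for f in review_role(TEMPLATE):
        print("FINDING:", f)
    print("hardened findings:", review_role(hardened(TEMPLATE)))
```

Run as-is it reports five findings against the gist (three placeholder principals, the `logs:*` wildcard, and `Resource: "*"` paired with it) and none against the hardened copy. The same checks apply unchanged to any `AWS::IAM::Role` once its template has been loaded into a dict, which is how you would wire them into a pre-deploy lint step.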