Rainsbrook

User Tools

Site Tools

Trace: iam-policy-yaml
aws:iam-policy-yaml

AWS IAM policy in YAML

This reads Account Number in from Parameter Store and uses it with a !Join, IAM policies normally are in JSON, but in CF can be written in YAML, and CF translates to JSON on the fly:- 

---
AWSTemplateFormatVersion: 2010-09-09
Description: Security-Hub-Report
Parameters:
  AccountNumber:
    Type: AWS::SSM::Parameter::Value<AccountNumber>
    Default: 56788765
    Description: AccountNUmber

Resources:
  Type: AWS::IAM::Policy
  Properties:
    PolicyName: Silly-Policy
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Sid: VisualEditor0
          Effect: Allow
          Action:
            - logs:PutLogEvents
          Resource:
            - !Join
               - ''
               - - arn:aws:ses:*:
                 - AccountNumber
                 - :configuration-set/*
aws/iam-policy-yaml.txt · Last modified: by 127.0.0.1
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki