{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "IAM Role for S3", | |
"Parameters" : { | |
"KeyName" : { | |
"Description" : "Name of an existing EC2 KeyPair", | |
"Type" : "AWS::EC2::KeyPair::KeyName" | |
}, | |
"myVPC": { | |
"Description" : "Learning Activity Provided VPC", | |
"Type" : "String", | |
"Default" : "vpc-XXXXXXXX" | |
}, | |
"MySubnet": { | |
"Description" : "Learning Activity Provided subnet", | |
"Type": "String", | |
"Default": "subnet-XXXXXXXX" | |
}, | |
"InstanceType1" : { | |
"Description" : "Allowed EC2 instance type", | |
"Type" : "String", | |
"Default" : "t2.micro", | |
"AllowedValues" : ["t2.micro", "t2.small"] | |
} | |
}, | |
"Mappings" : { | |
"AMIs" : { | |
"us-east-1" : { | |
"Name" : "ami-8c1be5f6" | |
}, | |
"us-east-2" : { | |
"Name" : "ami-c5062ba0" | |
}, | |
"eu-west-1" : { | |
"Name" : "ami-acd005d5" | |
} | |
} | |
}, | |
"Resources" : { | |
"EC2WithRole" : { | |
"Type" : "AWS::EC2::Instance", | |
"Properties" : { | |
"InstanceType" : { | |
"Ref" : "InstanceType1" | |
}, | |
"SubnetId": { "Ref": "MySubnet" }, | |
"ImageId" : { | |
"Fn::FindInMap" : [ | |
"AMIs", | |
{ | |
"Ref" : "AWS::Region" | |
}, | |
"Name" | |
] | |
}, | |
"KeyName" : { | |
"Ref" : "KeyName" | |
}, | |
"IamInstanceProfile" : { | |
"Ref" : "ListBuckets" | |
}, | |
"SecurityGroupIds" : [ | |
{ | |
"Ref" : "MySG" | |
} | |
], | |
"Tags" : [ | |
{ | |
"Key" : "Name", | |
"Value" : "EC2WithRole" | |
} | |
] | |
} | |
}, | |
"MySG" : { | |
"Type" : "AWS::EC2::SecurityGroup", | |
"Properties" : { | |
"VpcId" : {"Ref" : "myVPC"}, | |
"GroupDescription" : "Allow inbound SSH access from any IPv4 address", | |
"SecurityGroupIngress" : [ | |
{ | |
"FromPort" : "22", | |
"ToPort" : "22", | |
"IpProtocol" : "tcp", | |
"CidrIp" : "0.0.0.0/0" | |
} | |
], | |
"Tags" : [ | |
{ | |
"Key" : "Name", | |
"Value" : "MySG" | |
} | |
] | |
} | |
}, | |
"ListBuckets" : { | |
"Type" : "AWS::IAM::InstanceProfile", | |
"Properties" : { | |
"Path" : "/", | |
"Roles" : [ | |
{ | |
"Ref" : "S3BucketRole" | |
} | |
] | |
} | |
}, | |
"S3BucketPolicy" : { | |
"Type" : "AWS::IAM::Policy", | |
"Properties" : { | |
"PolicyName" : "S3BucketPolicy", | |
"PolicyDocument" : { | |
"Statement" : [ | |
{ | |
"Effect" : "Allow", | |
"Action" : [ | |
"s3:List*", | |
"s3:CreateBucket" | |
], | |
"Resource" : "*" | |
} | |
] | |
}, | |
"Roles" : [ | |
{ | |
"Ref" : "S3BucketRole" | |
} | |
] | |
} | |
}, | |
"S3BucketRole" : { | |
"Type" : "AWS::IAM::Role", | |
"Properties" : { | |
"AssumeRolePolicyDocument": { | |
"Version" : "2012-10-17", | |
"Statement" : [ | |
{ | |
"Effect" : "Allow", | |
"Principal" : { | |
"Service" : ["ec2.amazonaws.com"] | |
}, | |
"Action" : [ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
}, | |
"Path" : "/" | |
} | |
} | |
}, | |
"Outputs" : { | |
"EC2" : { | |
"Description" : "SSH command for the EC2 instance public IP", | |
"Value" : { | |
"Fn::Join" : [ | |
"", | |
[ | |
"ssh ec2-user@", | |
{ | |
"Fn::GetAtt" : [ | |
"EC2WithRole", | |
"PublicIp" | |
] | |
}, | |
" -i ", | |
{ | |
"Ref" : "KeyName" | |
}, | |
".pem" | |
] | |
] | |
} | |
} | |
} | |
} |