iam-s3-user.yaml
---

S3 User CloudFormation Deployment

This CloudFormation template will deploy an S3 IAM User.

AWSTemplateFormatVersion: '2010-09-09'

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

Parameters:

BucketNamePath is the full path name to the bucket.

  BucketNamePath:
    Type: String
    Description: ie ua-uits-ecs/distribution or just ua-uits-ecs

IAMUserName is the username that will be used for this IAM user.

  IAMUserName:
    Type: String
    Description: Name of the IAM user.

Metadata

Metadata is mostly used to group and label the Parameters so they display more clearly when the template is launched from the CloudFormation console in the AWS Web UI.

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: IAM User Configuration
        Parameters:
          - IAMUserName
          - BucketNamePath
    ParameterLabels:
      IAMUserName:
        default: 'IAM User Name:'
      BucketNamePath:
        default: 'Bucket Name with optional sub-folder:'

Resources

These are all of the resources deployed by this template.

Resources:

S3 Bucket User

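This deploys the S3 bucket user with an inline policy named read-write-access. The policy allows s3:List* on all resources and s3:* on every object under BucketNamePath. An access key is then created for the user.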

  S3BucketUser:
    Type: AWS::IAM::User
    Properties:
      Path: "/"
      Policies:
        - PolicyName: read-write-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:List*
                Resource:
                  - "*"
              - Effect: Allow
                Action:
                  - s3:*
                Resource: !Sub "arn:aws:s3:::${BucketNamePath}/*"

  S3BucketUserAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref "S3BucketUser"

Outputs

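Output values that can be viewed from the AWS CloudFormation console. SecretKeyForUser returns the secret access key in plain text, so anyone who can view the stack's outputs can read it.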

Outputs:
  AccessKeyForUser:
    Value: !Ref S3BucketUserAccessKey
  SecretKeyForUser:
    Value: !GetAtt S3BucketUserAccessKey.SecretAccessKey
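
Narrower variant (added example)

The template below is an added example, not part of the original iam-s3-user.yaml. It shows the same user with listing limited to the named bucket, object actions enumerated instead of s3:*, and the key pair stored in Secrets Manager rather than in Outputs. It assumes the user only needs to list, read, write and delete objects; the logical IDs ending in "Scoped" and the secret name are hypothetical.

```yaml
# Added example, not the original template. Logical IDs ending in "Scoped"
# and the secret name are hypothetical.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  BucketNamePath:
    Type: String
    Description: ie ua-uits-ecs/distribution or just ua-uits-ecs
Resources:
  S3BucketUserScoped:
    Type: AWS::IAM::User
    Properties:
      Path: "/"
      Policies:
        - PolicyName: read-write-access-scoped
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Listing applies to the named bucket only, not to "*".
              # The bucket name is the first segment of BucketNamePath.
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:GetBucketLocation
                Resource: !Sub
                  - "arn:aws:s3:::${BucketName}"
                  - BucketName: !Select [0, !Split ["/", !Ref BucketNamePath]]
              # Object actions are enumerated instead of s3:*.
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                  - s3:DeleteObject
                Resource: !Sub "arn:aws:s3:::${BucketNamePath}/*"
  S3BucketUserScopedAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref S3BucketUserScoped
  # The key pair goes to Secrets Manager instead of the stack Outputs.
  S3BucketUserScopedSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub "${AWS::StackName}/s3-user-access-key"   # constructed name
      SecretString: !Sub '{"AccessKeyId":"${S3BucketUserScopedAccessKey}","SecretAccessKey":"${S3BucketUserScopedAccessKey.SecretAccessKey}"}'
Outputs:
  # Ref on a Secrets Manager secret returns its ARN, not its value.
  SecretArn:
    Value: !Ref S3BucketUserScopedSecret
```

s3:ListBucket here still covers every key in the bucket; when BucketNamePath includes a sub-folder, an s3:prefix condition on that statement would limit listing to it.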