stackoom
  简体   繁体   中英

CloudFormation IAM Role — AssumeRolePolicyDocument

 原文  2017-01-31 15:55:37       amazon-web-services/ amazon-cloudformation/ amazon-iam/ amazon-policy

Question

So I'm constructing a cf stack for a role in AWS and I don't know how to go about the AssumeRolePolicyDocument field when designing a role that is not resource-based.

All the examples I've tried to look up each have a specific AWS resource designated under the "Principal" field (eg "Service": "ec2.amazonaws.com" ).

What's the correct way to go about the AssumeRolePolicyDocument field for roles that are designed for users, not resources?

1 answers

solution1
 5 ACCPTED  2017-01-31 16:19:27

You can specify an AWS IAM user using the AWS key instead of Service as the Principal for a role policy document, including an AssumeRolePolicyDocument: 

"Principal": { "AWS": "arn:aws:iam::AWS-account-ID:user/user-name" }

Refer to the Specifying a Principal section of the IAM Policy Elements Reference for full details.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Trying to create an iam role in aws and getting an error on the assumeRolePolicyDocument Attach IAM role using cloudformation how to allow IAM role to assume another IAM role, via cloudformation? IAM Role via CloudFormation Error in Principle How to identify CloudFormation template that defined IAM role? How to use cloudformation to create an IAM user/role AWS CloudFormation drop down for IAM Role Cloudformation AWS IAM Role with and without RoleName Parameter CloudFormation Stack Type: 'AWS::IAM::Role' Associating multiple IAM role with AWS::IAM::InstanceProfile in CloudFormation
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM