Can I use existing AWS IAM role to create S3 bucket via Cloudformation template?
Question
I want to create a S3 Bucket via CloudFormation template. I found there is a way to do it for EC2 instance on this link .
Do we have a way to create S3 bucket using existing IAM role via cloudformation?
2 answers
solution1
0 2019-02-05 10:45:14
It looks like what you're looking for is a service role . From AWS:
A service role is an AWS Identity and Access Management (IAM) role that allows AWS CloudFormation to make calls to resources in a stack on your behalf. You can specify an IAM role that allows AWS CloudFormation to create, update, or delete your stack resources. By default, AWS CloudFormation uses a temporary session that it generates from your user credentials for stack operations. If you specify a service role, AWS CloudFormation uses the role's credentials.
For more information, you might want to take a look at this , specifically the permission part to find out how to use an existing IAM role for creating a Cloudformation stack.
By the way: Unfortunately the link that you've provided doesn't seem to be accessible anymore.
solution2
0 2019-02-05 12:10:31
When deploying infrastructure using creating Cloudformation template, you can have 2 ways to do it:
- Cloudformation can deploy resources using the permissions of the current user who deploys the CF template. This is the default way
- Secondly (Optional), you can choose an existing role that can be attached to the CF template. Cloudformation service will use the permissions of that attached role to deploy all the required services. Given that the attached role has permissions to S3, you can create an S3 bucket as can be seen in the attached screenshot
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.