I am new to aws cloudformation template, I want to restrict below role to SQS service only. Please suggest how can I achieve same using conditional.
My template sample::
AWSTemplateFormatVersion: 2010-09-09
Description: >-
This template creates Role
Parameters:
vpcname:
Type: String
Description: Enter vpcname
Resources:
ErrorQueueRole:
Type: 'AWS::IAM::Role'
Properties:
RoleName: !Join ["",[ErrorQueueRole.,!Ref vpcname]]
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- sqs.amazonaws.com
Action:
- sts:AssumeRole
Condition:
StringEquals:
SQS uses a SQS policy not an IAM role , so you would be limited here to the functionality that this provides.
A limited number of services such as SNS, Lambda and S3 support what are commonly known as resource policies . Assuming the service (SQS) supports functionality to connect to the service you would need to add the Arn to the service you're trying to trigger.
For example allowing SQS to invoke a Lambda, would require you modify the Lambda function policy such as
{
"Sid": "sqs",
"Effect": "Allow",
"Principal": {
"Service": "sqs.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-2:123456789012:function:my-function"
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.