Last active
July 24, 2022 14:10
-
-
Save camin-mccluskey/1dafd05c5c6846423db97901075db3ef to your computer and use it in GitHub Desktop.
SecretMarsDataReadOnlyRole Definition
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| AWSTemplateFormatVersion: "2010-09-09" | |
| Description: "Access permission role for Mars data table" | |
| Outputs: | |
| SecretMarsDataReadOnlyRole: | |
| Description: 'IAM Role granting read only permission to secret-mars-data' | |
| Value: !Ref SecretMarsDataReadOnlyRole | |
| Export: | |
| Name: 'SecretMarsDataReadOnlyRole' | |
| SecretMarsDataReadOnlyRoleARN: | |
| Description: 'IAM Role ARN granting read only permission to secret-mars-data' | |
| Value: !GetAtt SecretMarsDataReadOnlyRole.Arn | |
| Export: | |
| Name: 'SecretMarsDataReadOnlyRoleARN' | |
| Resources: | |
| SecretMarsDataReadOnlyRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: SecretMarsDataReadOnlyRole | |
| AssumeRolePolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Action: sts:AssumeRole | |
| Principal: | |
| AWS: | |
| - 'arn:aws:iam::1234567890:role/NumberCrunchingServiceRole' # role in trusted account | |
| Path: "/" | |
| Policies: | |
| - PolicyName: 'read-only-access-policy' | |
| PolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - dynamodb:BatchGetItem | |
| - dynamodb:ConditionCheckItem | |
| - dynamodb:GetItem | |
| - dynamodb:Query | |
| Resource: | |
| - 'arn:aws:dynamodb:us-east-1:9999999999:table/secret-mars-data' # table with our martian data |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment