Skip to content

Latest commit

 

History

History
 
 

iam-service-roles

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
service-role.yaml
service-role.yaml
 
 
stack.yaml
stack.yaml
 
 

README.md

Use IAM Service Roles for CloudFormation permissions

AWS Best Practice Reference

Use IAM to Control Access

Example Code Instructions

Create an IAM service role

Create an IAM role with only these permissions:

  • dynamodb:CreateTable
  • dynamodb:DescribeTable

Or

Create the IAM service role example with this command:

aws cloudformation create-stack \
  --stack-name service-role \
  --template-body file://service-role.yaml \
  --capabilities CAPABILITY_NAMED_IAM

Create the stack with the service role

Get the role ARN

Create the stack with the command:

aws cloudformation create-stack \
  --stack-name iam-service-roles \
  --template-body file://stack.yaml \
  --role-arn "<insert iam role arn>"

Removal

Remove the example stack with the command:

aws cloudformation delete-stack \
  --stack-name iam-service-roles

Then, remove the role stack with this command:

aws cloudformation delete-stack \
  --stack-name service-role