awless_readwrite_group.aws
# Define an IAM group whose members can use the `awless` CLI in write mode.
#
# Every service policy attached below is an AWS-managed "FullAccess" policy. These
# are not scoped to particular resources, so membership of this group should be
# treated as privileged and granted only to users who need write access.
#
# Name of the group, held in a variable so every statement below targets the same group:
groupName = AwlessReadWritePermissionsGroup
# Create the group (must run before the attachments, which reference it by name):
create group name=$groupName
# Attach the AWS-managed policies (sets of permissions) for the services `awless` manages:
attach policy arn=arn:aws:iam::aws:policy/AmazonEC2FullAccess group=$groupName
attach policy arn=arn:aws:iam::aws:policy/AmazonS3FullAccess group=$groupName
attach policy arn=arn:aws:iam::aws:policy/AmazonSNSFullAccess group=$groupName
attach policy arn=arn:aws:iam::aws:policy/AmazonSQSFullAccess group=$groupName
attach policy arn=arn:aws:iam::aws:policy/AmazonVPCFullAccess group=$groupName
attach policy arn=arn:aws:iam::aws:policy/AutoScalingFullAccess group=$groupName
attach policy arn=arn:aws:iam::aws:policy/AmazonRDSFullAccess group=$groupName
attach policy arn=arn:aws:iam::aws:policy/AmazonRoute53FullAccess group=$groupName
# NOTE(review): AWS has since deprecated the AWSLambdaFullAccess managed policy in
# favour of AWSLambda_FullAccess; confirm this ARN can still be attached in your account.
attach policy arn=arn:aws:iam::aws:policy/AWSLambdaFullAccess group=$groupName
# IAM itself is attached read-only: this policy lets members inspect, but not change,
# users, groups, roles and policies.
# NOTE(review): read-only IAM does not by itself cap the group's effective privileges.
# Some service FullAccess policies carry IAM-adjacent actions (e.g. iam:PassRole), so
# review the attached policy documents before relying on this line as a boundary.
attach policy arn=arn:aws:iam::aws:policy/IAMReadOnlyAccess group=$groupName