role_for_user.aws

# Title: Create a AWS role with usual readonly policies that applies on a user
# Tags: access, policy, user
# Description: Create a AWS role that applies on a user (retrieve the id with `awless whoami`)

newRole = create role name={role-name} principal-account={aws-account-id} 

# Attach policy (set of permissions) to the created role
attach policy role={role-name} service=ec2 access=readonly
attach policy role={role-name} service=s3 access=readonly
attach policy role={role-name} service=sns access=readonly
attach policy role={role-name} service=sqs access=readonly
attach policy role={role-name} service=vpc access=readonly
attach policy role={role-name} service=autoscaling access=readonly
attach policy role={role-name} service=iam access=readonly
attach policy role={role-name} service=rds access=readonly
attach policy role={role-name} service=route53 access=readonly

# Create a policy to allow user with this policy to assume only this role
# You can then attach this policy to a user via `awless attach policy arn=... user=jsmith`
create policy name={assume-policy-name} effect=Allow action=sts:AssumeRole resource=$newRole