Run the procedure
Create the common part of the CloudFormation template.
Check the variables:
cat << END
# FILE_CLOUDFORMATION_TEMPLATE:"${HOME}/environment/conf-handson-cli-cfn-iam-Role/handson-cli-cfn-iam-Role.template"
FILE_CLOUDFORMATION_TEMPLATE="${FILE_CLOUDFORMATION_TEMPLATE}"
# CLOUDFORMATION_TEMPLATE_DESCRIPTION:"Template for handson-cli-cfn-iam-Role."
CLOUDFORMATION_TEMPLATE_DESCRIPTION="${CLOUDFORMATION_TEMPLATE_DESCRIPTION}"
END
Command:
cat << EOF > "${FILE_CLOUDFORMATION_TEMPLATE}"
AWSTemplateFormatVersion: 2010-09-09
Description:
  ${CLOUDFORMATION_TEMPLATE_DESCRIPTION}
EOF
cat "${FILE_CLOUDFORMATION_TEMPLATE}"
Result (example):
AWSTemplateFormatVersion: 2010-09-09
Description:
  Template for handson-cli-cfn-iam-Role.
Append the resource part to the CloudFormation template.
Command:
echo 'Resources:' >> "${FILE_CLOUDFORMATION_TEMPLATE}"
for i in "${DIR_CLOUDFORMATION_RESOURCE}"/*.txt; do \
  sed '/^$/d' "$i" >> "${FILE_CLOUDFORMATION_TEMPLATE}"; \
  echo '' >> "${FILE_CLOUDFORMATION_TEMPLATE}" \
; done
cat "${FILE_CLOUDFORMATION_TEMPLATE}"
Result (example):
AWSTemplateFormatVersion: 2010-09-09
Description:
  Template for handson-cli-cfn-iam-Role.
Resources:
  ManagedPolicy0:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: "Policy for handson-cli-cfn-iam-Role."
      Path: "/handson-cli/"
      PolicyDocument:
        Statement:
        - Action:
          - iam:ListUsers
          Effect: Allow
          Resource: '*'
          Sid: Stmt1709336354131
        Version: '2012-10-17'
  Role0:
    Type: AWS::IAM::Role
    Properties:
      Path: /handson-cli/
      Description: No-name role for handson-cli-cfn-iam-Role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      MaxSessionDuration: 43200
      ManagedPolicyArns:
        - !Ref ManagedPolicy0
        - arn:aws:iam::aws:policy/ReadOnlyAccess
        - arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
        - arn:aws:iam::059067559142:policy/handson-cloud9/handson-cloud9-Cloud9EnvironmentOwner-policy
      Policies:
        - PolicyName: InlinePolicy
          PolicyDocument:
            Statement:
            - Action:
              - iam:ListUsers
              Effect: Allow
              Resource: '*'
              Sid: Stmt1709336354131
            Version: '2012-10-17'
      PermissionsBoundary: arn:aws:iam::aws:policy/ReadOnlyAccess
      Tags:
        - Key: handson-cli:department-name
          Value: Account Management
        - Key: handson-cli:post-name
          Value: Assistant Manager
  Role1Named:
    Type: AWS::IAM::Role
    Properties:
      Path: /handson-cli/
      RoleName: handson-cli-cfn-iam-Role-role
      Description: Named role for handson-cli-cfn-iam-Role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
  Role2StackName:
    Type: AWS::IAM::Role
    Properties:
      Path: /handson-cli/
      RoleName: !Ref AWS::StackName
      Description: Role for handson-cli-cfn-iam-Role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
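Before the template is deployed, it helps to list which IAM roles in it have a fixed RoleName (CloudFormation requires the CAPABILITY_NAMED_IAM acknowledgement for custom-named IAM resources) and which have no PermissionsBoundary. The following is an added example, not part of the original procedure: the helper names audit_iam_roles and sample_template are hypothetical, and the sample template is a constructed, shortened copy of the result above.

```shell
#!/bin/sh
# Added example (not from the original procedure). Assumes the layout shown
# above: logical IDs at 2 spaces under "Resources:", properties at 6 spaces.

# audit_iam_roles [TEMPLATE]: one line per AWS::IAM::Role (hypothetical helper).
audit_iam_roles() {
  awk '
    function report() {
      if (id != "" && type == "AWS::IAM::Role")
        printf "%s named=%s boundary=%s\n", id, named, boundary
    }
    /^Resources:/ { in_res = 1; next }
    /^[A-Za-z]/   { report(); id = ""; in_res = 0; next }  # other top-level key
    !in_res       { next }
    /^  [A-Za-z0-9]+:[ \t]*$/ {                            # logical ID line
      report()
      id = $1; sub(/:$/, "", id)
      type = ""; named = "no"; boundary = "no"
      next
    }
    /^    Type:/                  { type = $2; gsub(/"/, "", type) }
    /^      RoleName:/            { named = "yes" }
    /^      PermissionsBoundary:/ { boundary = "yes" }
    END { report() }
  ' "$@"
}

# Constructed sample: a shortened copy of the template result above.
sample_template() {
  cat << 'YAML'
Resources:
  ManagedPolicy0:
    Type: AWS::IAM::ManagedPolicy
  Role0:
    Type: AWS::IAM::Role
    Properties:
      PermissionsBoundary: arn:aws:iam::aws:policy/ReadOnlyAccess
  Role1Named:
    Type: AWS::IAM::Role
    Properties:
      RoleName: handson-cli-cfn-iam-Role-role
  Role2StackName:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref AWS::StackName
YAML
}

sample_template | audit_iam_roles
```

Against the real file, pass the path as the argument: audit_iam_roles "${FILE_CLOUDFORMATION_TEMPLATE}".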
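Completion check
The main processing of this procedure is considered successful when the following completion conditions are met.
Completion condition 1: The CloudFormation template "handson-cli-cfn-iam-Role" exists.
Confirm that the CloudFormation template "handson-cli-cfn-iam-Role" exists.
Command:
ls "${FILE_CLOUDFORMATION_TEMPLATE}"
Result (example):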
${HOME}/environment/conf-handson-cli-cfn-iam-Role/handson-cli-cfn-iam-Role.template
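Completion condition 2: The CloudFormation template "handson-cli-cfn-iam-Role" is well-formed YAML.
Confirm that the CloudFormation template "handson-cli-cfn-iam-Role" is well-formed YAML. yamllint checks YAML syntax and style only, not whether the resources are valid CloudFormation.
Command:
yamllint "${FILE_CLOUDFORMATION_TEMPLATE}"
Result (example):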