Update the CloudFormation resource file for the resource (User0).
Store the settings required by this procedure in variables.
Specify the CloudFormation resource name.
Set the variable:
TEMPLATE_CFN_RESOURCE_NAME='User0'
Specify the resource file name.
Set the variables:
DIR_TEMPLATE_CFN_RESOURCE="${HOME}/environment/conf-handson-cli-cfn-iam-User/resources"
FILE_TEMPLATE_CFN_RESOURCE="${DIR_TEMPLATE_CFN_RESOURCE}/${TEMPLATE_CFN_RESOURCE_NAME}.txt" \
  && echo ${FILE_TEMPLATE_CFN_RESOURCE}
Result (example):
${HOME}/environment/conf-handson-cli-cfn-iam-User/resources/User0.txt
Specify the array of CloudFormation resource names.
Set the variable:
ARRAY_TEMPLATE_CFN_RESOURCE_NAMES='Group0'
Confirm that each variable holds the correct value.
Check the variables:
cat << END

  # 1. TEMPLATE_CFN_RESOURCE_NAME:"User0"
       TEMPLATE_CFN_RESOURCE_NAME="${TEMPLATE_CFN_RESOURCE_NAME}"
  # 2. FILE_TEMPLATE_CFN_RESOURCE:"${HOME}/environment/conf-handson-cli-cfn-iam-User/resources/User0.txt"
       FILE_TEMPLATE_CFN_RESOURCE="${FILE_TEMPLATE_CFN_RESOURCE}"
  # 3. ARRAY_TEMPLATE_CFN_RESOURCE_NAMES:"Group0"
       ARRAY_TEMPLATE_CFN_RESOURCE_NAMES="${ARRAY_TEMPLATE_CFN_RESOURCE_NAMES}"

END
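For each variable, confirm that the value on the upper line and the value on the lower line match in content or format. If they differ, go back to the corresponding step number and set the variable again.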
Create the CFn resource file.
Check the variables:
cat << END

  # FILE_TEMPLATE_CFN_RESOURCE:"${HOME}/environment/conf-handson-cli-cfn-iam-User/resources/User0.txt"
    FILE_TEMPLATE_CFN_RESOURCE="${FILE_TEMPLATE_CFN_RESOURCE}"
  # TEMPLATE_CFN_RESOURCE_NAME:"User0"
    TEMPLATE_CFN_RESOURCE_NAME="${TEMPLATE_CFN_RESOURCE_NAME}"

END
Command:
# Append each key only if the file does not already contain it.
# The heredoc indentation must match the nesting of the resource entry in the file.
if ! grep -q 'Properties:' "${FILE_TEMPLATE_CFN_RESOURCE}"; then
cat << EOF >> "${FILE_TEMPLATE_CFN_RESOURCE}"
    Properties:
EOF
fi
if ! grep -q 'Groups:' "${FILE_TEMPLATE_CFN_RESOURCE}"; then
cat << EOF >> "${FILE_TEMPLATE_CFN_RESOURCE}"
      Groups:
EOF
fi
Check the variables:
cat << END

  # FILE_TEMPLATE_CFN_RESOURCE:"${HOME}/environment/conf-handson-cli-cfn-iam-User/resources/User0.txt"
    FILE_TEMPLATE_CFN_RESOURCE="${FILE_TEMPLATE_CFN_RESOURCE}"
  # ARRAY_TEMPLATE_CFN_RESOURCE_NAMES:"Group0"
    ARRAY_TEMPLATE_CFN_RESOURCE_NAMES="${ARRAY_TEMPLATE_CFN_RESOURCE_NAMES}"

END
Command:
# Append one "- !Ref <name>" entry per group name in the array.
for i in ${ARRAY_TEMPLATE_CFN_RESOURCE_NAMES}; do
  echo '        - !Ref '"${i}" >> "${FILE_TEMPLATE_CFN_RESOURCE}"
done
cat "${FILE_TEMPLATE_CFN_RESOURCE}"
Result (example):
  User0:
    Type: AWS::IAM::User
    Properties:
      LoginProfile:
        Password: "#userPass123"
      ManagedPolicyArns:
        - !Ref ManagedPolicy0
        - arn:aws:iam::aws:policy/ReadOnlyAccess
        - arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
        - arn:aws:iam::XXXXXXXXXXXX:policy/handson-cloud9/handson-cloud9-Cloud9EnvironmentOwner-policy
      Policies:
        - PolicyName: InlinePolicy
          PolicyDocument:
            Statement:
              - Action:
                  - iam:ListUsers
                Effect: Allow
                Resource: '*'
                Sid: Stmt1706333829409
            Version: '2012-10-17'
      PermissionsBoundary: arn:aws:iam::aws:policy/ReadOnlyAccess
      Tags:
        - Key: handson-cli:department-name
          Value: Account Management
        - Key: handson-cli:post-name
          Value: Assistant Manager
      Groups:
        - !Ref Group0
Confirm that "the resource file "${HOME}/environment/conf-handson-cli-cfn-iam-User/resources/User0.txt" exists."
Command:
count=$( echo ${ARRAY_TEMPLATE_CFN_RESOURCE_NAMES} | wc -w )
cat ${FILE_TEMPLATE_CFN_RESOURCE} \
  | grep 'Groups:' -A ${count}
Result (example):
      Groups:
        - !Ref Group0
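The append loop in this procedure writes a new "- !Ref" line on every run, and the final check only prints the Groups section. The following added example (not part of the original page) shows an idempotent variant with a check that fails when the group membership in the file differs from what was intended. The function names are hypothetical, and the code assumes that Groups: is the last key in the resource file and that it is indented six spaces.

```bash
#!/usr/bin/env bash
# Added example, not from the original procedure. Function names are hypothetical.
# Assumption: "Groups:" is the last key in the resource file (as in the page's result).

# Print the logical IDs referenced under Groups:, one per line.
group_refs() {
  sed -n '/^ *Groups:/,$p' "$1" \
    | sed -n 's/^ *- !Ref \([A-Za-z0-9]*\) *$/\1/p'
}

# Append "Groups:" and one "- !Ref <name>" per group, skipping entries
# that are already present, so re-running the step does not duplicate them.
add_group_refs() {
  local file="$1" name
  shift
  grep -q '^ *Groups:' "${file}" || printf '      Groups:\n' >> "${file}"
  for name in "$@"; do
    group_refs "${file}" | grep -qxF -- "${name}" \
      || printf '        - !Ref %s\n' "${name}" >> "${file}"
  done
}

# Succeed only if the file references exactly the expected groups:
# nothing missing, nothing extra, no duplicates.
verify_group_refs() {
  local file="$1" expected actual
  shift
  expected=$(printf '%s\n' "$@" | sort)
  actual=$(group_refs "${file}" | sort)
  [ "${expected}" = "${actual}" ]
}

# Constructed sample: the start of a resource file shaped like User0.txt.
demo_file=$(mktemp)
printf '%s\n' '  User0:' '    Type: AWS::IAM::User' '    Properties:' \
  '      ManagedPolicyArns:' '        - !Ref ManagedPolicy0' > "${demo_file}"

add_group_refs "${demo_file}" Group0
add_group_refs "${demo_file}" Group0   # second run appends nothing
if verify_group_refs "${demo_file}" Group0; then
  echo "Groups section matches the expected membership"
else
  echo "Groups section differs from the expected membership" >&2
fi
rm -f "${demo_file}"
```

In the procedure itself the call would be add_group_refs "${FILE_TEMPLATE_CFN_RESOURCE}" ${ARRAY_TEMPLATE_CFN_RESOURCE_NAMES}, followed by verify_group_refs with the same arguments.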