Running the procedure
Confirm that every policy named in the IAM policy name array exists.
Note that list-policies returns AWS-managed and customer-managed policies together, so a name that exists in both scopes (a customer-managed policy can reuse an AWS-managed name) shows up twice here and yields two ARNs in the next step; pass --scope AWS or --scope Local to disambiguate.
Command:
echo $( \
  for i in $(echo "${ARRAY_IAM_POLICY_NAMES}");do
    aws iam list-policies \
      --query "Policies[?PolicyName == \`${i}\`].PolicyName" \
      --output text
  done \
)
Result (example):
ReadOnlyAccess AWSCloudFormationFullAccess handson-cloud9-Cloud9EnvironmentOwner-policy
Get the ARNs of the IAM policies.
Variable setup:
array_iam_policy_arns=$(
  echo $( \
    for i in $(echo "${ARRAY_IAM_POLICY_NAMES}");do
      aws iam list-policies \
        --query "Policies[?PolicyName == \`${i}\`].Arn" \
        --output text
    done \
  ) \
) \
  && echo "${array_iam_policy_arns}"
Result (example):
arn:aws:iam::aws:policy/ReadOnlyAccess arn:aws:iam::aws:policy/AWSCloudFormationFullAccess arn:aws:iam::XXXXXXXXXXXX:policy/handson-cloud9/handson-cloud9-Cloud9EnvironmentOwner-policy
Update the CFn resource file.
Variable check:
cat << END
# FILE_TEMPLATE_CFN_RESOURCE:"${HOME}/environment/conf-handson-cli-cfn-iam-User/resources/User0.txt"
FILE_TEMPLATE_CFN_RESOURCE="${FILE_TEMPLATE_CFN_RESOURCE}"
END
Command:
# Append the Properties: and ManagedPolicyArns: keys only if the file does not
# already contain them. The indentation must match the existing YAML in the
# resource file (Properties at 2 spaces, its keys at 4).
if ! grep -q 'Properties:' "${FILE_TEMPLATE_CFN_RESOURCE}"; then
  cat << EOF >> "${FILE_TEMPLATE_CFN_RESOURCE}"
  Properties:
EOF
fi
if ! grep -q 'ManagedPolicyArns:' "${FILE_TEMPLATE_CFN_RESOURCE}"; then
  cat << EOF >> "${FILE_TEMPLATE_CFN_RESOURCE}"
    ManagedPolicyArns:
EOF
fi
Variable check:
cat << END
# array_iam_policy_arns:"arn:aws:iam::aws:policy/ReadOnlyAccess arn:aws:iam::aws:policy/AWSCloudFormationFullAccess arn:aws:iam::XXXXXXXXXXXX:policy/handson-cloud9/handson-cloud9-Cloud9EnvironmentOwner-policy"
array_iam_policy_arns="${array_iam_policy_arns}"
END
Command:
# Append one list item per ARN at the ManagedPolicyArns item indentation (6 spaces).
# Re-running this loop appends the same ARNs again; run it once per resource file.
for i in $(echo ${array_iam_policy_arns});do
  echo "      - ${i}" >> "${FILE_TEMPLATE_CFN_RESOURCE}"
done
cat "${FILE_TEMPLATE_CFN_RESOURCE}"
Result (example):
User0:
  Type: AWS::IAM::User
  Properties:
    LoginProfile:
      Password: "#userPass123"
    ManagedPolicyArns:
      - !Ref ManagedPolicy0
      - arn:aws:iam::aws:policy/ReadOnlyAccess
      - arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
      - arn:aws:iam::XXXXXXXXXXXX:policy/handson-cloud9/handson-cloud9-Cloud9EnvironmentOwner-policy
The LoginProfile password sits in the resource file in plaintext, so treat the file as a secret (do not commit it) or move the password into a NoEcho template parameter before reusing the template.
Completion check
Confirm that the resource file "${HOME}/environment/conf-handson-cli-cfn-iam-User/resources/User0.txt" contains the IAM policy ARN entries.
Command:
count=$( echo ${ARRAY_IAM_POLICY_NAMES} | wc -w )
cat "${FILE_TEMPLATE_CFN_RESOURCE}" \
  | grep -v ' !Ref ' \
  | grep 'ManagedPolicyArns:' -A ${count} \
  | while read i; do
      # "read" strips the indentation, so each item line is exactly "- <ARN>";
      # -x -F matches the whole line literally instead of as a regex.
      for j in $(echo "${array_iam_policy_arns}");do
        echo ${i} | grep -x -F -- "- ${j}"
      done
    done
Result (example):
- arn:aws:iam::aws:policy/ReadOnlyAccess
- arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
- arn:aws:iam::XXXXXXXXXXXX:policy/handson-cloud9/handson-cloud9-Cloud9EnvironmentOwner-policy
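The three steps above (resolve policy names to ARNs, append them to the CFn resource file, verify the file) as one script. This is an added example, not the hands-on's own code. It assumes the 2-space-indented AWS::IAM::User layout shown in the result above (Properties at 2 spaces, its keys at 4, list items at 6); the policy table and the scratch copy of User0.txt in the demo are constructed inline so the script runs without AWS credentials. Unlike the page's loops it fetches the policy list once, refuses names that match zero or more than one policy, and skips ARNs that are already listed, so re-running it does not duplicate entries.

```shell
#!/bin/sh
# Added example (not the original hands-on script): resolve IAM policy names to
# ARNs, append them idempotently to a CFn User resource file, verify the block.
# Assumed layout: Properties at 2 spaces, its keys at 4, list items at 6.

# One API call instead of one per name. Needs AWS credentials; not run here.
fetch_policy_table() {
  aws iam list-policies --query 'Policies[].[PolicyName,Arn]' --output text
}

# resolve_policy_arns "NAME NAME ..." "TABLE": print one ARN per line.
# TABLE is "PolicyName<TAB>Arn" lines as produced by fetch_policy_table.
# Fails if a name matches no policy or more than one (an AWS-managed and a
# customer-managed policy may share a name, so a name alone is not unique).
resolve_policy_arns() {
  names=$1
  table=$2
  resolve_status=0
  for name in $names; do
    matches=$(printf '%s\n' "$table" | awk -F '\t' -v n="$name" '$1 == n { print $2 }')
    hits=$(printf '%s\n' "$matches" | awk 'NF { c++ } END { print c + 0 }')
    case $hits in
      0) echo "ERROR: no IAM policy named ${name}" >&2; resolve_status=1 ;;
      1) printf '%s\n' "$matches" ;;
      *) echo "ERROR: ${hits} policies named ${name}; use --scope AWS or Local" >&2
         resolve_status=1 ;;
    esac
  done
  return $resolve_status
}

# count_arn_in_block FILE ARN: number of "- ARN" items under ManagedPolicyArns only.
count_arn_in_block() {
  awk -v a="$2" '
    /^[ \t]*ManagedPolicyArns:/ { inblock = 1; next }
    inblock && $1 != "-"        { inblock = 0 }
    inblock && $2 == a          { c++ }
    END { print c + 0 }' "$1"
}

# append_managed_policy_arns FILE ARN...: idempotent version of the page's append loop.
append_managed_policy_arns() {
  file=$1
  shift
  grep -q '^  Properties:' "$file" || printf '  Properties:\n' >> "$file"
  grep -q '^    ManagedPolicyArns:' "$file" || printf '    ManagedPolicyArns:\n' >> "$file"
  for arn in "$@"; do
    if [ "$(count_arn_in_block "$file" "$arn")" -gt 0 ]; then
      echo "already listed, skipping: ${arn}" >&2
    else
      printf '      - %s\n' "$arn" >> "$file"
    fi
  done
}

# verify_managed_policy_arns FILE ARN...: succeed only if each ARN is listed exactly once.
verify_managed_policy_arns() {
  file=$1
  shift
  verify_status=0
  for arn in "$@"; do
    n=$(count_arn_in_block "$file" "$arn")
    [ "$n" -eq 1 ] || { echo "ERROR: ${arn} listed ${n} times" >&2; verify_status=1; }
  done
  return $verify_status
}

# Stand-alone demo on a constructed policy table and a scratch copy of User0.txt
# (both constructed here, not real account data).
demo_file=$(mktemp)
printf '%s\n' 'User0:' '  Type: AWS::IAM::User' '  Properties:' \
  '    LoginProfile:' '      Password: "#userPass123"' \
  '    ManagedPolicyArns:' '      - !Ref ManagedPolicy0' > "$demo_file"
demo_table=$(printf 'ReadOnlyAccess\tarn:aws:iam::aws:policy/ReadOnlyAccess\nAWSCloudFormationFullAccess\tarn:aws:iam::aws:policy/AWSCloudFormationFullAccess\n')
demo_arns=$(resolve_policy_arns "ReadOnlyAccess AWSCloudFormationFullAccess" "$demo_table")
append_managed_policy_arns "$demo_file" $demo_arns   # unquoted: one argument per line
append_managed_policy_arns "$demo_file" $demo_arns   # second run appends nothing
verify_managed_policy_arns "$demo_file" $demo_arns && cat "$demo_file"
rm -f "$demo_file"
```

To use it against a real account, replace demo_table with "$(fetch_policy_table)" and demo_file with "${FILE_TEMPLATE_CFN_RESOURCE}"; the name check is where a duplicate ReadOnlyAccess (AWS-managed plus customer-managed) would be caught instead of silently producing two ARNs.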