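AWSTemplateFormatVersion: '2010-09-09'
# Creates an IAM user with a console password and a long-lived access key,
# adds the user to a group, and attaches two inline Route 53 policies to
# that group. The access key ID and secret are returned as stack outputs.

Parameters:
  Password:
    # NoEcho masks this parameter value in console and API listings. It does
    # not mask values that appear in the Outputs section of the template.
    NoEcho: 'true'
    Type: String
    Description: New account password
    # NOTE(review): a minimum length of 1 means the template itself enforces
    # no meaningful password strength. Confirm that the account's IAM
    # password policy covers this, or raise the minimum here.
    MinLength: '1'
    MaxLength: '41'
    ConstraintDescription: the password must be between 1 and 41 characters

Resources:
  # Console-capable user. The login password comes from the stack parameter,
  # so whoever launches the stack knows the user's initial password.
  Route53User:
    Type: AWS::IAM::User
    Properties:
      LoginProfile:
        Password: !Ref 'Password'

  # Group that carries the Route 53 permissions; the policies below attach
  # to the group rather than directly to the user.
  Route53AdminGroup:
    Type: AWS::IAM::Group

  Admins:
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName: !Ref 'Route53AdminGroup'
      Users: [!Ref 'Route53User']

  # Allows record changes in every hosted zone of the account.
  # NOTE(review): if the user only manages some zones, scope Resource to
  # those zones, e.g. 'arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>'
  # (placeholder), so a leaked credential cannot rewrite unrelated DNS.
  Route53ChangePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: Route53Change
      PolicyDocument:
        # Explicit policy language version; without it IAM falls back to the
        # older 2008-10-17 policy language.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: 'route53:ChangeResourceRecordSets'
            Resource: 'arn:aws:route53:::hostedzone/*'
      Groups: [!Ref 'Route53AdminGroup']

  # Read-only listing of zones and records. ListHostedZones does not support
  # resource-level scoping, hence Resource '*'.
  Route53ListPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: Route53List
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: ['route53:ListHostedZones', 'route53:ListResourceRecordSets']
            Resource: '*'
      Groups: [!Ref 'Route53AdminGroup']

  # Long-lived programmatic credential for the user. It has no expiry, so it
  # needs an owner and a rotation plan outside this template.
  Route53Keys:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref 'Route53User'

Outputs:
  AccessKey:
    Value: !Ref 'Route53Keys'
    Description: AWSAccessKeyId of new user
  # SECURITY(review): stack outputs are stored and displayed in plaintext, so
  # the secret key is readable by any principal allowed to describe this
  # stack (for example via cloudformation:DescribeStacks) for as long as the
  # stack exists. The output is kept here because consumers of the stack may
  # read it; prefer writing the secret to a secrets store and removing this
  # output, and restrict who can describe the stack in the meantime.
  SecretKey:
    Value: !GetAtt [Route53Keys, SecretAccessKey]
    Description: AWSSecretAccessKey of new user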