role_for_resource.aws
# Title: Create an AWS role with the usual read-only policies that applies to a resource
# Tags: access, policy, role
# Description: Create an AWS role that applies to a resource (retrieve the account id with `awless whoami`)
# {role-name} is a template parameter filled in when the template is run; it is
# bound once here so that every statement below targets the same role.
roleName = {role-name}
# {aws-service} is the role's service principal: the AWS service that is trusted
# to assume this role and so obtain every permission attached below.
# NOTE(review): looks like a full service principal (for example ec2.amazonaws.com)
# is expected here; confirm against the awless documentation.
create role name=$roleName principal-service={aws-service}
# Attach policies (sets of permissions) to the created role, one read-only policy per service.
# NOTE(review): presumably each service/access pair resolves to an AWS managed
# policy covering all resources of that service in the account; confirm.
# Least privilege: keep only the lines for services the resource really needs.
# Read-only still discloses data, so review the s3 and iam lines in particular.
attach policy role=$roleName service=ec2 access=readonly
# Read access to S3 presumably includes object contents, not just bucket listings; verify before keeping.
attach policy role=$roleName service=s3 access=readonly
attach policy role=$roleName service=sns access=readonly
attach policy role=$roleName service=sqs access=readonly
attach policy role=$roleName service=vpc access=readonly
attach policy role=$roleName service=autoscaling access=readonly
# Read access to IAM presumably exposes the account's users, roles and policy documents; verify before keeping.
attach policy role=$roleName service=iam access=readonly
attach policy role=$roleName service=rds access=readonly
attach policy role=$roleName service=route53 access=readonly