-
Notifications
You must be signed in to change notification settings - Fork 0
/
dev.yml
44 lines (40 loc) · 1.45 KB
/
dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Resources:
Admins:
Type: AWS::IAM::Group
Properties:
GroupName: Admins
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess
PowerUsers:
Type: AWS::IAM::Group
Properties:
GroupName: PowerUsers
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess
- arn:aws:iam::aws:policy/AmazonS3FullAccess
- arn:aws:iam::aws:policy/IAMReadOnlyAccess
- arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess
- arn:aws:iam::aws:policy/CloudWatchEventsFullAccess
- arn:aws:iam::aws:policy/AWSCloudTrailFullAccess
- arn:aws:iam::aws:policy/job-function/Billing
- Fn::ImportValue: iam-policies-${self:provider.stage}-CloudFormationFullAccessArn
Users:
Type: AWS::IAM::Group
Properties:
GroupName: Users
ManagedPolicyArns:
- arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials
- arn:aws:iam::aws:policy/IAMUserChangePassword
- arn:aws:iam::aws:policy/IAMUserSSHKeys
DevAdmins:
Type: AWS::IAM::Group
Properties:
GroupName: DevAdmins
ManagedPolicyArns:
- Fn::ImportValue: iam-policies-${self:provider.stage}-OrganizationAccountAccessDevAdminPolicyArn
DevUsers:
Type: AWS::IAM::Group
Properties:
GroupName: DevUsers
ManagedPolicyArns:
- Fn::ImportValue: iam-policies-${self:provider.stage}-OrganizationAccountAccessDevUsersPolicyArn