forked from iann0036/aws-leastprivilege
-
Notifications
You must be signed in to change notification settings - Fork 0
/
test.yaml
92 lines (88 loc) · 3.08 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
Resources:
S3Bucket:
Type: AWS::S3::Bucket
AccessAnalyzer:
Type: AWS::AccessAnalyzer::Analyzer
Role:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
ManagedPolicyArns:
- arn:aws:iam::aws:policy/ReadOnlyAccess
- arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
Policies:
- PolicyName: root
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:*
Resource: arn:aws:logs:*:*:*
- Effect: Allow
Action:
- xray:PutTraceSegments
- ec2:CreateNetworkInterface
- ec2:DescribeNetworkInterfaces
- ec2:DeleteNetworkInterface
Resource: '*'
LambdaFunction:
Type: AWS::Lambda::Function
Properties:
DeadLetterConfig:
TargetArn: arn:aws:sqs:ap-southeast-2:123456789012:myqueue
Environment:
Variables:
FOO: BAR
Handler: index.handler
KmsKeyArn: arn:aws:kms:ap-southeast-2:123456789012:key/123e4567-e89b-12d3-a456-426655440000
Role: arn:aws:iam::123456789012:role/S3Access
Code:
S3Bucket: ianmckay-ap-southeast-2
S3Key: emptyhandler.zip
Layers:
- arn:aws:lambda:ap-southeast-2:123456789012:layer:layer1:1
- arn:aws:lambda:ap-southeast-2:123456789012:layer:layer2:1
ReservedConcurrentExecutions: 1
Runtime: nodejs12.x
Timeout: 10
TracingConfig:
Mode: Active
Tags:
- Key: FOO
Value: BAR
VpcConfig:
SecurityGroupIds:
- sg-12345678901234567
- sg-12345678901234568
SubnetIds:
- subnet-12345678901234567
- subnet-12345678901234568
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: svcrolegen-AWS-EC2-SecurityGroup
GroupDescription: svcrolegen-AWS-EC2-SecurityGroup
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
Tags:
- Key: FOO
Value: BAR
VpcId: vpc-1234567890abcde