Generates an IAM policy for CloudFormation based on the describe-type schema
cfn-giam
Automatically generate the required IAM policies from your CloudFormation file
Manual procedure
- Open AWS CloudShell or any terminal configured with the AWS CLI.
- Install cfn-giam
pip3 install cfngiam
- Check the IAM policy required to execute the CloudFormation file or folder
cfn-giam -i $yourcfn -o $exportfolder
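How a policy can be derived from the `handlers` permissions that each resource type's schema (as returned by `aws cloudformation describe-type`) declares, shown as an added example that is not cfn-giam's own code. The schemas and template below are constructed samples with incomplete permission lists, the template is assumed to be already parsed into a dict, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed "handlers" sections in the shape used by resource
# type schemas. The permission lists are illustrative, not complete.
SAMPLE_SCHEMAS = {
    "AWS::SQS::Queue": {"handlers": {
        "create": {"permissions": ["sqs:CreateQueue", "sqs:GetQueueUrl",
                                   "sqs:GetQueueAttributes"]},
        "read": {"permissions": ["sqs:GetQueueAttributes"]},
        "delete": {"permissions": ["sqs:DeleteQueue", "sqs:GetQueueAttributes"]},
    }},
    "AWS::SNS::Topic": {"handlers": {
        "create": {"permissions": ["sns:CreateTopic", "sns:TagResource"]},
        "delete": {"permissions": ["sns:DeleteTopic"]},
    }},
}

# Constructed sample template (already parsed); Custom::Thing has no schema.
SAMPLE_TEMPLATE = {"Resources": {
    "Jobs": {"Type": "AWS::SQS::Queue"},
    "Alerts": {"Type": "AWS::SNS::Topic"},
    "Hook": {"Type": "Custom::Thing"},
}}

def resource_types(template):
    """Return the set of resource types declared in a parsed template."""
    return {r["Type"] for r in template.get("Resources", {}).values() if "Type" in r}

def build_policy(template, schemas,
                 operations=("create", "read", "update", "delete", "list")):
    """Union the handler permissions of every resource type in the template.

    Returns (policy, unresolved): types without a schema are reported instead
    of being silently skipped, so a reviewer can grant them by hand.
    """
    actions, unresolved = set(), []
    for rtype in sorted(resource_types(template)):
        handlers = schemas.get(rtype, {}).get("handlers")
        if not handlers:
            unresolved.append(rtype)
            continue
        for op in operations:
            actions.update(handlers.get(op, {}).get("permissions", []))
    # Assumption: Resource "*" is a starting point; scope it to ARNs before use.
    statement = {"Effect": "Allow", "Action": sorted(actions), "Resource": "*"}
    return {"Version": "2012-10-17", "Statement": [statement]}, unresolved

if __name__ == "__main__":
    policy, missing = build_policy(SAMPLE_TEMPLATE, SAMPLE_SCHEMAS)
    print(json.dumps(policy, indent=2))
    print("No schema for:", missing)
```

Passing a narrower `operations` tuple, such as `("create", "read")`, yields a deploy-only policy that omits the delete permissions.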
Automated procedure
1. Fork this repository to your GitHub account
2. Create an IAM Role and IAM ID Provider for GitHub Actions
- Open CloudFormation in your AWS account.
- Create a stack from GithubOIDCRole-ReadOnly.yml.
- Make a note of the Role ARN created by the stack and the name of the region where the stack was created.
3. Register the Role ARN and region name in GitHub secrets
- View the GitHub Actions page of your repository.
- Register the following entries in GitHub secrets.
- NAME: AWS_REGION, VALUE: the name of the region where the stack was created
- NAME: ROLE_ARN, VALUE: the Role ARN created by the stack
4. Commit and push your CloudFormation file
- Add your CloudFormation file to the CFn folder.
- Commit and push your repository.
5. Check the artifacts on GitHub Actions
- View the GitHub Actions page of your repository.
- Make sure the latest "Check the IAM Policy workflow" is successful.
- Open the latest workflow.
- Download the artifact from the latest workflow.
Others
GitHub Actions thumbprint
The GitHub Actions thumbprint changes from time to time.
e.g. Changelog
In that case, get the new thumbprint with GetGithubOIDCThumbprint.sh and then update GithubOIDCRole-ReadOnly.yml with it.
sh GetGithubOIDCThumbprint.sh
Source Distribution: cfngiam-0.0.2.tar.gz (3.0 kB)