How to use the cloudform.IAM.Role function in cloudform

To help you get started, we’ve selected a few cloudform examples, based on popular ways it is used in public projects.

github matthewkeil / nomad-devops / aws / iam / UnauthenticatedUserRole.ts View on Github external
import { IAM, Fn } from "cloudform";

export const UnauthenticatedUserRole = new IAM.Role({
    RoleName: "passninja-unauthenticated-user-role",
    AssumeRolePolicyDocument: {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Principal: {
                    Federated: "cognito-identity.amazonaws.com"
                },
                Action: "sts:AssumeRoleWithWebIdentity",
                Condition: {
                    StringEquals: {
                        "cognito-identity.amazonaws.com:aud": Fn.ImportValue("IdentityPoolId")
                    },
                    "ForAnyValue:StringLike": {
                        "cognito-identity.amazonaws.com:amr": "unauthenticated"
github matthewkeil / nomad-devops / aws / iam / CustomerRole.ts View on Github external
import { IAM, Fn } from "cloudform";

export const CustomerRole = new IAM.Role({
    RoleName: "passninja-customer-role",
    AssumeRolePolicyDocument: {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Principal: {
                    Federated: "cognito-identity.amazonaws.com"
                },
                Action: "sts:AssumeRoleWithWebIdentity",
                Condition: {
                    StringEquals: {
                        "cognito-identity.amazonaws.com:aud": Fn.ImportValue("IdentityPoolId")
                    },
                    "ForAnyValue:StringLike": {
                        "cognito-identity.amazonaws.com:amr": "authenticated"
github matthewkeil / nomad-devops / aws / apiGateway / ApiGatewayRole.ts View on Github external
import { IAM } from "cloudform";

export const ApiGatewayRole = new IAM.Role({
    RoleName: `ApiGatewayRole`,
    AssumeRolePolicyDocument: {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: "sts:AssumeRole",
                Principal: {
                    Service: "apigateway.amazonaws.com"
                }
            }
        ]
    }
});