[AWS Lab] CloudFormation – IAM: Role & Policy

In this lab, we will learn how to create an IAM role and policy for a Lambda function.


    1. Create a Template File

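    • Please review the following YAML template file and save it as “iam.yaml”. The role's trust policy lets the Lambda service (lambda.amazonaws.com) assume the role, and the managed policy attached to it allows three CloudWatch Logs actions on every resource ("*").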
    AWSTemplateFormatVersion: 2010-09-09 
    Description: Create role for a lambda
    Resources:
      MyLambdaRole:
        Type: "AWS::IAM::Role"
        Properties:
          RoleName: my-lambda-role
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - lambda.amazonaws.com
                Action:
                  - "sts:AssumeRole"
      
      MyLambdaPolicy:
        Type: "AWS::IAM::ManagedPolicy"
        Properties:
          PolicyDocument:      
            Version: "2012-10-17"
            Statement:
              - Sid: AccessCloudWatch
                Effect: Allow
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                Resource: "*"
          Roles: 
            - !Ref MyLambdaRole
    Outputs:
      MyRole:
        Description: The ARN of the new role
        Value: !GetAtt MyLambdaRole.Arn
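
The lab policy allows the three CloudWatch Logs actions on `Resource: "*"`, which covers every log group in the account. The template below is an added example (not part of the original lab) that grants the same actions but restricts log writes to one function's log group; the `FunctionName` parameter and its default `my-function` are assumptions, as are the two `Sid` names.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Create role for a lambda (log permissions scoped to one function)
Parameters:
  FunctionName:            # assumption: not part of the lab template
    Type: String
    Default: my-function   # constructed sample value
    Description: Name of the Lambda function that will use this role
Resources:
  MyLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: my-lambda-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - "sts:AssumeRole"

  MyLambdaPolicy:
    Type: "AWS::IAM::ManagedPolicy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Log group creation is limited to this account and region.
          - Sid: CreateLogGroup
            Effect: Allow
            Action:
              - "logs:CreateLogGroup"
            Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*"
          # Streams and events are limited to the function's default log group,
          # /aws/lambda/<function name>.
          - Sid: WriteFunctionLogs
            Effect: Allow
            Action:
              - "logs:CreateLogStream"
              - "logs:PutLogEvents"
            Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${FunctionName}:*"
      Roles:
        - !Ref MyLambdaRole
Outputs:
  MyRole:
    Description: The ARN of the new role
    Value: !GetAtt MyLambdaRole.Arn
```

Because both this template and the lab template set an explicit `RoleName`, CloudFormation requires the `CAPABILITY_NAMED_IAM` acknowledgement before it creates the stack.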
    
    


    2. CloudFormation – Create a Stack

    • Click “Create stack”
      • Click “with new resources (standard)”
    • Create Stack
      • Check “Template is ready”
      • Check “Upload a template file”
        • Choose “iam.yaml”
      • Click “Next”
    • Stack Details
      • Stack name: “MyLambdaRole”
      • Click “Next”
    • Stack Options
      • Accept all defaults
      • Click “Next”
    • Review
      • Click “Submit”

    3. CloudFormation – Create Resources

    • The stack is creating the IAM role and the managed policy defined in the template.
      • Wait until the process completes.
    • Check the “Events” tab
    • Check the “Outputs” tab
      • You can see the ARN of the new role.
    • Check the “Resources” tab
      • Click the role and the policy
