alanwill
/ aws-cfn-self-referencing-sg.json
Last active
January 18, 2024 17:00
AWS CloudFormation example that allows a security group rule to reference the same security group as the source.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Description": "Create a VPC with a SG which references itself", | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Resources": { | |
| "vpctester": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "CidrBlock": "172.16.0.0/23", | |
| "EnableDnsSupport": false, | |
| "EnableDnsHostnames": false, |
alanwill
/ aws-iam-allow-passing-role-to-instance.json
Created
February 24, 2014 00:54
AWS IAM policy that allows an IAM user to pass an IAM role, for example, when creating a new EC2 instance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "iam:PassRole" | |
| ], | |
| "Resource": [ | |
| "*" |
alanwill
/ aws-iam-secure-transport.json
Created
February 3, 2014 19:51
AWS IAM policy that allows SSL read only access to a bucket. Good for log buckets.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Statement": [ | |
| { | |
| "Sid": "AllowGetLogs", | |
| "Action": [ | |
| "s3:GetObject" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": "arn:aws:s3:::myloggingbucket/logs/*", | |
| "Condition": { |
alanwill
/ aws-iam-allow-password-changes.json
Last active
September 30, 2024 03:24
AWS IAM policy that allows users to change their own password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version":"2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": ["iam:ChangePassword"], | |
| "Resource": "arn:aws:iam::<account-number>:user/${aws:username}" | |
| }, | |
| { | |
| "Effect": "Allow", |
alanwill
/ aws-iam-s3-console-access.json
Created
January 12, 2014 17:34
AWS IAM policy limiting access to named S3 bucket (programmatic and console)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"], | |
| "Resource": "arn:aws:s3:::*" | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": ["s3:ListBucket" ], |
NewerOlder