dmennis · March 28, 2019 16:25
diff --git a/CreateAmplifyIAMUserCreds.yaml b/CreateAmplifyIAMUserCreds.yaml
 AWSTemplateFormatVersion: '2010-09-09'
 Description: "This template is used by the master organizations account to provision a new IAM User, assign an IAM Policy, and get credentials to build apps using AWS Amplify"

 Resources:
  # This will create a new IAM User with enough privileges for an AWS Amplify developer to build cloud-enabled apps using the Amplify CLI, Amplify Console, AppSync, APIGW, Lambda, Pinpoint, and DynamoDB
  AWSAmplifyDeveloperIAMUser:
    Type: "AWS::IAM::User"
    Properties: 
      LoginProfile:
        Password: "AmplifyH@ck$"
        PasswordResetRequired: false
      UserName: "AWSAmplifyDeveloperIAMUser"
      Policies:
      - PolicyName: AWSAmplifyDeveloperIAMPolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement: 
          - 
            Effect: "Allow"
            Action: 
              - "apigateway:*"
              - "amplify:*"
              - "appsync:*"
              - "cloud9:*"
              - "logs:*"
              - "cognito-identity:*"
              - "cognito-idp:*"
              - "devicefarm:*"
              - "dynamodb:*"
              - "lambda:*"
              - "mobiletargeting:*"
              - "s3:*"
              - "cloudformation:*"
              - "iam:*"
            Resource: 
              - "*"
  # Get access key and secret for IAM User: AWSAmplifyDeveloperIAMUser
  AWSAmplifyDeveloperIAMUserCreds:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        !Ref AWSAmplifyDeveloperIAMUser

 # Use these credentials from the CloudFormation Console Output and paste into Amplify CLI configuration
 Outputs:
  AmplifyIAMUserAccessKey:
      Value: !Ref AWSAmplifyDeveloperIAMUserCreds
      Description: "AWSAmplifyDeveloperIAMUser ACCESS KEY ID"
  AmplifyIAMUserSecretAccessKey:
      Value: !GetAtt AWSAmplifyDeveloperIAMUserCreds.SecretAccessKey
      Description: "AWSAmplifyDeveloperIAMUser SECRET KEY ID"
  AWSConsoleLoginURL:
      Value: 
        !Sub 'https://${AWS::AccountId}.signin.aws.amazon.com/console'
      Description: "Use this URL to log into your account via the AWS Management Console for IAM user: AWSAmplifyDeveloperIAMUser"
  AWSConsolePassword:
      Value: "AmplifyH@ck$"
      Description: "Password for IAM User: AWSAmplifyDeveloperIAMUser for the AWS Management Console"
	AWSTemplateFormatVersion: '2010-09-09'
	Description: "This template is used by the master organizations account to provision a new IAM User, assign an IAM Policy, and get credentials to build apps using AWS Amplify"

	Resources:
	# This will create a new IAM User with enough privileges for an AWS Amplify developer to build cloud-enabled apps using the Amplify CLI, Amplify Console, AppSync, APIGW, Lambda, Pinpoint, and DynamoDB
	AWSAmplifyDeveloperIAMUser:
	Type: "AWS::IAM::User"
	Properties:
	LoginProfile:
	Password: "AmplifyH@ck$"
	PasswordResetRequired: false
	UserName: "AWSAmplifyDeveloperIAMUser"
	Policies:
	- PolicyName: AWSAmplifyDeveloperIAMPolicy
	PolicyDocument:
	Version: '2012-10-17'
	Statement:
	-
	Effect: "Allow"
	Action:
	- "apigateway:*"
	- "amplify:*"
	- "appsync:*"
	- "cloud9:*"
	- "logs:*"
	- "cognito-identity:*"
	- "cognito-idp:*"
	- "devicefarm:*"
	- "dynamodb:*"
	- "lambda:*"
	- "mobiletargeting:*"
	- "s3:*"
	- "cloudformation:*"
	- "iam:*"
	Resource:
	- "*"
	# Get access key and secret for IAM User: AWSAmplifyDeveloperIAMUser
	AWSAmplifyDeveloperIAMUserCreds:
	Type: AWS::IAM::AccessKey
	Properties:
	UserName:
	!Ref AWSAmplifyDeveloperIAMUser

	# Use these credentials from the CloudFormation Console Output and paste into Amplify CLI configuration
	Outputs:
	AmplifyIAMUserAccessKey:
	Value: !Ref AWSAmplifyDeveloperIAMUserCreds
	Description: "AWSAmplifyDeveloperIAMUser ACCESS KEY ID"
	AmplifyIAMUserSecretAccessKey:
	Value: !GetAtt AWSAmplifyDeveloperIAMUserCreds.SecretAccessKey
	Description: "AWSAmplifyDeveloperIAMUser SECRET KEY ID"
	AWSConsoleLoginURL:
	Value:
	!Sub 'https://${AWS::AccountId}.signin.aws.amazon.com/console'
	Description: "Use this URL to log into your account via the AWS Management Console for IAM user: AWSAmplifyDeveloperIAMUser"
	AWSConsolePassword:
	Value: "AmplifyH@ck$"
	Description: "Password for IAM User: AWSAmplifyDeveloperIAMUser for the AWS Management Console"