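Assume the role is named EventBridgeGlobalEndpoints. The name matters because the "iam:PassRole" statement below references the role by its ARN.
The first JSON document is the role's trust policy; the second is its permissions policy.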
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets"
],
"Resource": "arn:aws:events:*:1234567890:rule/bus-01/GlobalEndpointManagedRule-*"
},
{
"Effect": "Allow",
"Action": [
"events:PutEvents"
],
"Resource": "arn:aws:events:*:1234567890:event-bus/bus-01"
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
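// Must match the name of the role created with this policy. Remove this comment before use: IAM policy documents must be valid JSON, which does not allow comments.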
"Resource": "arn:aws:iam::1234567890:role/EventBridgeGlobalEndpoints",
"Condition": {
"StringLike": {
"iam:PassedToService": "events.amazonaws.com"
}
}
}
]
}