
@josjaf
Created September 4, 2019 16:37
from aws_cdk import (
aws_iam as aws_iam,
aws_s3 as aws_s3,
aws_ecr,
aws_ec2,
core,
)
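class Compute(core.Stack):
    """CDK stack that creates an IAM role ("RoleB") carrying the SSM managed-instance policy.

    The role is built by hand with a composite trust policy and the AWS managed
    policy ``AmazonSSMManagedInstanceCore`` attached.

    Args:
        app: The CDK app (construct scope) this stack belongs to.
        id: Construct id of the stack.
        props: Object produced by another stack; only ``props.ec2_role.role_arn``
            is read here.
        **kwargs: Forwarded unchanged to ``core.Stack``.
    """

    def __init__(self, app: core.App, id: str, props, **kwargs) -> None:
        super().__init__(app, id, **kwargs)

        # Trust policy: every principal listed here may call sts:AssumeRole on RoleB.
        #
        # The original listed one more principal,
        # ArnPrincipal(core.PhysicalName.GENERATE_IF_NEEDED(props.ec2_role)).
        # PhysicalName.GENERATE_IF_NEEDED is a marker constant for physical
        # resource names, not a callable, so that expression raised TypeError
        # before the stack could be synthesized. The role from the other stack is
        # already trusted through its ARN below.
        trusted_principals = aws_iam.CompositePrincipal(
            aws_iam.ArnPrincipal(props.ec2_role.role_arn),
            aws_iam.ServicePrincipal('ec2.amazonaws.com'),
            # NOTE(review): an EC2 instance profile only needs ec2.amazonaws.com;
            # ssm.amazonaws.com is normally trusted for hybrid activations.
            # Confirm it is required and drop it otherwise.
            aws_iam.ServicePrincipal('ssm.amazonaws.com'),
            # NOTE(review): trusting the account root delegates the decision to
            # IAM identity policies, so any principal in this account that is
            # allowed sts:AssumeRole on this role can obtain its permissions.
            # Prefer naming the specific roles that need access, or add
            # conditions, unless account-wide access is intended.
            aws_iam.AccountRootPrincipal(),
        )

        # creating the role manually because the instance class does not exist
        ec2_role = aws_iam.Role(
            self, "RoleB",
            assumed_by=trusted_principals,
            max_session_duration=core.Duration.hours(1),
            managed_policies=[
                aws_iam.ManagedPolicy.from_aws_managed_policy_name('AmazonSSMManagedInstanceCore'),
            ],
        )

        # The original never assigned output_props, so reading `outputs` raised
        # AttributeError. NOTE(review): the key name is chosen by this fix; align
        # it with whatever the consuming stacks expect.
        self.output_props = {"role_b": ec2_role}

    @property
    def outputs(self):
        """Return the values this stack exposes to other stacks."""
        return self.output_props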