@neilkuan
Created June 9, 2021 03:54
cdk-v2-example-sts-role.ts
import { App, CfnParameter, Stack, StackProps } from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';
import { Construct } from 'constructs';
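/**
 * Stack that creates an IAM role assumable from another AWS account.
 *
 * The trusted account ID is taken from the `accountid` CloudFormation
 * parameter at deploy time. The role is named `TrainerSTSRole` and has the AWS
 * managed `ReadOnlyAccess` policy attached.
 */
export class MyStack extends Stack {
  /**
   * @param scope - Parent construct, typically the CDK `App`.
   * @param id - Logical ID of this stack within `scope`.
   * @param props - Standard stack properties; defaults to an empty object.
   */
  constructor(scope: Construct, id: string, props: StackProps = {}) {
    super(scope, id, props);

    // The trusted account is a deploy-time input, so constrain it to the
    // 12-digit account ID format. There is deliberately no default: an empty
    // value cannot name a real account, and a missing or malformed ID should
    // be rejected at parameter validation rather than while the role's trust
    // policy is being created.
    const accountPrincipal = new CfnParameter(this, 'accountid', {
      description: 'trainerAccountId',
      allowedPattern: '^\\d{12}$',
      constraintDescription: 'must be a 12-digit AWS account ID',
    });

    // AccountPrincipal trusts the account as a whole: any identity in that
    // account whose own policies allow sts:AssumeRole on this role can use it.
    // NOTE(review): the trust policy carries no further condition. If the
    // trusted account is a third party, consider `externalIds` on the role or
    // `withConditions(...)` on the principal (e.g. requiring MFA).
    // The role name is fixed, so a second deployment of this stack into the
    // same account will collide on it.
    const masterRole = new iam.Role(this, 'masters-role', {
      assumedBy: new iam.AccountPrincipal(accountPrincipal.valueAsString),
      roleName: 'TrainerSTSRole',
    });

    // NOTE(review): ReadOnlyAccess is read-only but very broad, and may cover
    // reading stored data as well as configuration. Confirm that scope is
    // intended, or attach a narrower policy.
    masterRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess'));
  }
}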
// Entry point: build the CDK app, register the development stack, and emit the
// synthesized output.
const app = new App();

// For development, account and region come from the CDK CLI via the
// CDK_DEFAULT_ACCOUNT / CDK_DEFAULT_REGION environment variables. The stack
// therefore targets whichever account the CLI's current credentials resolve
// to; confirm the active profile before deploying.
new MyStack(app, 'my-stack-dev', {
  env: {
    account: process.env.CDK_DEFAULT_ACCOUNT,
    region: process.env.CDK_DEFAULT_REGION,
  },
});
// new MyStack(app, 'my-stack-prod', { env: prodEnv });

app.synth();