Declaring an IAM Access Key Resource by CloudFormation
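I created a user with an access key in my template:
"MyAccessKey" : {
   "Type" : "AWS::IAM::AccessKey",
   "Properties" : {
      "UserName" : { "Ref" : "User12" }
   }
}
I need to get the access key ID and the secret key in the template's Outputs. How can I do that?
Thanks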
The access key ID and the secret key of the AWS::IAM::AccessKey resource are available as return values:
"Outputs" : {
   "MyAccessKeyId": {
      "Value" : { "Ref" : "MyAccessKey" }
   },
   "MySecretKey": {
      "Value" : { "Fn::GetAtt": [ "MyAccessKey", "SecretAccessKey" ] }
   }
}
CloudFormation's Outputs documentation states ...
CloudFormation doesn't redact or obfuscate any information you include in the Outputs section. We strongly recommend you don't use this section to output sensitive information, such as passwords or secrets.
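A more secure option is to create an AWS::SecretsManager::Secret resource that contains the user's access key and secret key.
Here is an example template that uses this approach to create a "bot" user...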
---
AWSTemplateFormatVersion: 2010-09-09
Description: example bot user
Resources:
  Bot:
    Type: AWS::IAM::User
    Properties:
      Path: /bot/
      UserName: !Ref AWS::StackName
  BotCredentials:
    Type: AWS::IAM::AccessKey
    Properties:
      Status: Active
      UserName: !Ref Bot
  BotCredentialsStored:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub /bot/credentials/${Bot}
      SecretString: !Sub '{"ACCESS_KEY":"${BotCredentials}","SECRET_KEY":"${BotCredentials.SecretAccessKey}"}'
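An added example, not part of the original answers: a small Python check that flags template Outputs exposing an access key's secret, the case the documentation quote warns about, including references hidden inside Fn::Sub or Fn::Join. It assumes the template is already parsed into a dict with long-form intrinsic names (JSON, as in the question); `attr_refs`, `find_secret_outputs` and `SAMPLE` are names made up for this example.

```python
import re

# Only AWS::IAM::AccessKey / SecretAccessKey comes from the page; extend as needed.
SENSITIVE_ATTRS = {("AWS::IAM::AccessKey", "SecretAccessKey")}
SUB_VAR = re.compile(r"\$\{([A-Za-z0-9]+)\.([A-Za-z0-9.]+)\}")  # ${Resource.Attr}


def attr_refs(node):
    """Yield (logical_id, attribute) for each GetAtt-style reference under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Fn::GetAtt":
                parts = val.split(".", 1) if isinstance(val, str) else val  # both forms
                if len(parts) == 2 and all(isinstance(p, str) for p in parts):
                    yield tuple(parts)
            elif key == "Fn::Sub":
                # Fn::Sub is either a string or [string, {variable map}].
                text, *rest = val if isinstance(val, list) and val else [val]
                if isinstance(text, str):
                    yield from SUB_VAR.findall(text)
                yield from attr_refs(rest)
            else:
                yield from attr_refs(val)
    elif isinstance(node, list):
        for item in node:
            yield from attr_refs(item)


def find_secret_outputs(template):
    """Return sorted (output_name, logical_id, attribute) tuples exposing a secret."""
    resources = template.get("Resources", {})
    findings = set()
    for name, output in template.get("Outputs", {}).items():
        for logical_id, attr in attr_refs(output):
            if (resources.get(logical_id, {}).get("Type"), attr) in SENSITIVE_ATTRS:
                findings.add((name, logical_id, attr))
    return sorted(findings)


# Constructed sample: the question's resource with the first answer's Outputs.
SAMPLE = {
    "Resources": {"MyAccessKey": {"Type": "AWS::IAM::AccessKey"}},
    "Outputs": {
        "MyAccessKeyId": {"Value": {"Ref": "MyAccessKey"}},
        "MySecretKey": {"Value": {"Fn::GetAtt": ["MyAccessKey", "SecretAccessKey"]}},
    },
}

if __name__ == "__main__":
    print(find_secret_outputs(SAMPLE))
```

A template that keeps the secret only in an AWS::SecretsManager::Secret resource, as in the second answer, produces no findings because nothing in Outputs references it.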