def key(template, user, serial=0):
    """Create an IAM access key for ``user`` and hand both halves to ``add_output``.

    The key resource is titled after the user's name with underscores
    removed, bound to that user name, and made to depend on the user
    resource. The key id (``Ref``) and the ``SecretAccessKey`` attribute are
    then each passed to ``add_output``.

    Args:
        template: Template the key resource is attached to.
        user: User object; its ``UserName`` and ``title`` attributes are read.
        serial: Value stored in the key's ``Serial`` property (default 0).

    Returns:
        The ``AccessKey`` resource that was created.

    NOTE(review): the secret access key is passed to ``add_output``. That
    helper is not shown here; if it registers a CloudFormation stack Output,
    the secret is readable by every principal allowed to describe the stack
    and stays visible for the stack's lifetime. Confirm this is intended, or
    deliver the secret through a secrets store instead of an Output.
    """
    user_name = user.UserName
    resource_title = '{}key'.format(user_name.replace('_', ''))

    access_key = AccessKey(template=template, title=resource_title)
    access_key.UserName = user_name
    access_key.Serial = serial
    access_key.DependsOn = user.title

    # (description suffix, value) pairs, emitted in the same order as before.
    exported = (
        ('ACCESS_KEY_ID', Ref(access_key)),
        ('SECRET_ACCESS_KEY', GetAtt(access_key, 'SecretAccessKey')),
    )
    for suffix, value in exported:
        add_output(template=template,
                   description=user_name + suffix,
                   value=value)
    return access_key
def create_access_key(stack, name, user):
    """Add an active IAM access key for ``user`` and output its id and secret.

    Args:
        stack: Wrapper whose ``stack`` attribute is the template that
            receives the resource and the outputs.
        name: Prefix for the resource title, the output titles and the
            output descriptions.
        user: Value assigned to the key's ``UserName`` property.

    Returns:
        None.

    NOTE(review): ``{name}SecretOutput`` publishes the key's
    ``SecretAccessKey`` as a stack Output. Stack outputs are not masked, so
    the long-lived secret is readable by any principal that can describe the
    stack. Prefer writing the secret to a secrets store, or use a role with
    temporary credentials instead of a static key.
    """
    template = stack.stack

    access_key = template.add_resource(
        AccessKey('{0}AccessKey'.format(name),
                  Status='Active',
                  UserName=user))

    key_id_output = Output(
        '{0}AccessOutput'.format(name),
        Value=Ref(access_key),
        Description='Access Key for {0}'.format(name))
    # Carries the secret half of the credential - see the review note above.
    secret_output = Output(
        '{0}SecretOutput'.format(name),
        Value=GetAtt(access_key, 'SecretAccessKey'),
        Description='Secret Key for {0}'.format(name))

    template.add_output(key_id_output)
    template.add_output(secret_output)
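def generate_user_with_creds(self, username, password=True, accesskey=True):
    """Declare an IAM user together with the credentials requested for it.

    Adds a ``User`` resource to ``self.template`` and, depending on the
    flags, a console ``LoginProfile`` with a freshly generated password
    and/or an ``AccessKey`` resource. Every credential created is also
    declared as a template ``Output``. The user is appended to
    ``self.users`` and ``self.usercount`` is incremented.

    Args:
        username: Name fragment for the user; joined with the AWS region
            reference to form ``UserName`` and concatenated into the output
            descriptions.
        password: When equal to ``True``, attach a login profile with a
            random password.
        accesskey: When equal to ``True``, create an access key for the user.

    Raises:
        AssertionError: If neither ``password`` nor ``accesskey`` equals
            ``True``.

    Security notes (review):
        * The generated password is written into the template as a literal
          (``LoginProfile.Password``) and again as an ``Output`` value, so it
          is readable by anyone who can read the rendered template or
          describe the stack.
        * ``PasswordResetRequired`` is ``False``, so that exposed password
          stays valid until the user chooses to change it.
        * The access key's ``SecretAccessKey`` is published as an ``Output``
          as well; stack outputs are not masked.
        Consider forcing a reset on first login and handing credentials over
        through a secrets store rather than template outputs.
    """
    data = {}

    # Explicit raise instead of ``assert`` so the check is not stripped under
    # ``python -O``; AssertionError is kept so callers see the same exception
    # type. The listing also lacked the comma between the condition and the
    # message, which is a syntax error as written.
    if not (password == True or accesskey == True):  # noqa: E712 - keep the original equality test
        raise AssertionError('Must have some credentials')

    ## Now we declare a user, as we need to reference a user to generate access keys.
    user = User(self.affiliatename + 'user' + str(username),
                UserName=Join("", [username, Ref(AWS_REGION)]))
    user_t = self.template.add_resource(user)

    if password == True:  # noqa: E712
        ## User can reset if desired
        ResetRequired = False
        ## Random password: 8 random bytes rendered as a hexadecimal string.
        default_password = secrets.token_hex(8)
        lp = LoginProfile(Password=default_password,
                          PasswordResetRequired=ResetRequired)
        # NOTE(review): holds a second plaintext copy of the password; nothing
        # in the visible part of this method reads ``data`` afterwards.
        data['password'] = [{'password': default_password}]
        # NOTE(review): plaintext password exposed as a template Output.
        self.template.add_output(
            Output('Password' + str(self.usercount),
                   Value=default_password,
                   Description='Default password of new user ' + username))
        user_t.LoginProfile = lp

    ## Now we generate access keys:
    if accesskey == True:  # noqa: E712
        key = AccessKey('userkey' + str(self.usercount), UserName=Ref(user))
        self.template.add_resource(key)
        access_key_id = Ref(key)
        secretkey = GetAtt(key, 'SecretAccessKey')
        self.template.add_output(
            Output('AccessKey' + str(self.usercount),
                   Value=access_key_id,
                   Description='Access Key of user: ' + username))
        # NOTE(review): the listing was corrupted between these two Output
        # declarations; "+ username" above and the opening of this call are
        # reconstructed from the parallel code around them - confirm against
        # the upstream file.
        self.template.add_output(
            Output('SecretAccessKey' + str(self.usercount),
                   Value=secretkey,
                   Description='Secret Key of new user: ' + username))

    self.users.append(user_t)
    self.usercount += 1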
def render(self, app_name=None, stage_name=None, username=None,
           function_bucket=None, static_bucket=None,
           aws_region_name='us-east-1'):
    """Build the Zappa CloudFormation template and return it as JSON.

    Stores every argument on the instance, creates a fresh ``Template`` in
    ``self.t`` and declares an IAM user, an active access key for that user
    and a policy (statements from ``self.get_statement_list()``) attached to
    the user. The access key id and its secret are declared as outputs.

    Args:
        app_name: Application name used in the description, the policy
            resource title and the policy name.
        stage_name: Stage name used alongside ``app_name``.
        username: Title of the IAM ``User`` resource.
        function_bucket: Stored on the instance; not read in this method.
        static_bucket: Stored on the instance; not read in this method.
        aws_region_name: Stored on the instance; not read in this method.

    Returns:
        The template serialised with ``to_json()``.

    NOTE(review): the ``SecretKey`` output exposes the user's
    ``SecretAccessKey`` through the stack outputs, which are not masked and
    are readable by any principal allowed to describe the stack. The key is
    a long-lived credential; consider a role with temporary credentials, or
    store the secret in a secrets store instead of an Output.
    """
    self.app_name = app_name
    self.stage_name = stage_name
    self.username = username
    self.function_bucket = function_bucket
    self.static_bucket = static_bucket
    self.aws_region_name = aws_region_name

    self.t = Template()
    template = self.t
    names = {'app_name': self.app_name, 'stage_name': self.stage_name}

    template.add_description(
        "Zappa Template for {app_name}-{stage_name} ".format(**names))

    zappa_user = template.add_resource(User(self.username))
    zappa_user_keys = template.add_resource(
        AccessKey("ZappaUserKeys",
                  Status="Active",
                  UserName=Ref(zappa_user)))

    # The resource title is the app/stage pair filtered through
    # alpha_num_pattern (defined elsewhere in the file).
    policy_title = alpha_num_pattern.sub(
        '', "{app_name}{stage_name}".format(**names))
    policy_document = Policy(
        Version="2012-10-17",
        Statement=self.get_statement_list(),
    )
    template.add_resource(
        PolicyType(
            policy_title,
            Users=[Ref(zappa_user)],
            PolicyName="zappa-{app_name}-{stage_name}".format(**names),
            PolicyDocument=policy_document,
        ))

    key_id_output = Output(
        "AccessKey",
        Value=Ref(zappa_user_keys),
        Description="AWSAccessKeyId of new user",
    )
    # Secret half of the credential - see the review note in the docstring.
    secret_output = Output(
        "SecretKey",
        Value=GetAtt(zappa_user_keys, "SecretAccessKey"),
        Description="AWSSecretKey of new user",
    )
    template.add_output(key_id_output)
    template.add_output(secret_output)

    return template.to_json()
from troposphere import Template, Ref, Output, GetAtt
from troposphere.iam import AccessKey, User

# Declares an IAM user with an active access key and exports the key id and
# the secret access key as stack outputs.
tpl = Template()
tpl.add_version('2010-09-09')
tpl.add_description(
    "Create a superadmin user with all required privileges for this project. "
)

# Resources
# NOTE(review): the description promises "all required privileges", but no
# policy or group is attached to the user in this listing - verify where the
# permissions come from and that they are scoped to what the project needs.
superuser = User(title='czpycon2015')
tpl.add_resource(superuser)

access_keys = AccessKey(
    "Troposphere",
    Status="Active",
    UserName=Ref(superuser),
)
tpl.add_resource(access_keys)

# Outputs
tpl.add_output(
    Output(
        "AccessKey",
        Value=Ref(access_keys),
        Description="AWSAccessKeyId of superuser",
    )
)
# NOTE(review): stack outputs are not masked. Publishing SecretAccessKey here
# makes a long-lived, highly privileged credential readable by any principal
# that can describe the stack; prefer a secrets store or a role with
# temporary credentials.
tpl.add_output(
    Output(
        "SecretKey",
        Value=GetAtt(access_keys, "SecretAccessKey"),
        Description="AWSSecretKey of superuser",
    )
)
UserToGroupAddition, ) t = Template() t.set_description("AWS CloudFormation Sample Template: This template " "demonstrates the creation of IAM User/Group.") cfnuser = t.add_resource( User("CFNUser", LoginProfile=LoginProfile(Password="******"))) cfnusergroup = t.add_resource(Group("CFNUserGroup")) cfnadmingroup = t.add_resource(Group("CFNAdminGroup")) cfnkeys = t.add_resource( AccessKey("CFNKeys", Status="Active", UserName=Ref(cfnuser))) users = t.add_resource( UserToGroupAddition( "Users", GroupName=Ref(cfnusergroup), Users=[Ref(cfnuser)], )) admins = t.add_resource( UserToGroupAddition( "Admins", GroupName=Ref(cfnadmingroup), Users=[Ref(cfnuser)], ))
from troposphere import GetAtt, Output, Ref, Template
from troposphere.iam import AccessKey, Group, LoginProfile, PolicyType
from troposphere.iam import User, UserToGroupAddition

# Sample template: one IAM user with a login profile and an access key,
# placed in both a "user" group and an "admin" group.
t = Template()
t.add_description(
    "AWS CloudFormation Sample Template: This template "
    "demonstrates the creation of IAM User/Group."
)

# NOTE(review): "Password" is passed positionally here. In troposphere the
# first positional argument of a property object is presumably its title, not
# the Password property - confirm against the troposphere version in use.
# Either way a literal password does not belong in template source; a NoEcho
# template parameter keeps it out of the code and the rendered template.
cfnuser = User("CFNUser", LoginProfile=LoginProfile("Password"))
t.add_resource(cfnuser)

cfnusergroup = Group("CFNUserGroup")
t.add_resource(cfnusergroup)

cfnadmingroup = Group("CFNAdminGroup")
t.add_resource(cfnadmingroup)

# Long-lived access key for the same user.
cfnkeys = AccessKey("CFNKeys", UserName=Ref(cfnuser))
t.add_resource(cfnkeys)

# The single user is added to both groups; no group policies are visible in
# this listing.
users = UserToGroupAddition(
    "Users",
    GroupName=Ref(cfnusergroup),
    Users=[Ref(cfnuser)],
)
t.add_resource(users)

admins = UserToGroupAddition(
    "Admins",
    GroupName=Ref(cfnadmingroup),
    Users=[Ref(cfnuser)],
)
t.add_resource(admins)
# Sample template: one IAM user with a console password and an active access
# key, placed in both a "user" group and an "admin" group.
t = Template()
t.set_description(
    "AWS CloudFormation Sample Template: This template "
    "demonstrates the creation of IAM User/Group."
)

# NOTE(review): the console password is a string literal in the template
# source (shown masked in this listing). A literal ends up in version control
# and in the rendered template; a NoEcho template parameter avoids both.
cfnuser = User(
    "CFNUser",
    LoginProfile=LoginProfile(Password="******"),
)
t.add_resource(cfnuser)

cfnusergroup = Group("CFNUserGroup")
t.add_resource(cfnusergroup)

cfnadmingroup = Group("CFNAdminGroup")
t.add_resource(cfnadmingroup)

# Long-lived access key for the same user.
cfnkeys = AccessKey(
    "CFNKeys",
    Status="Active",
    UserName=Ref(cfnuser),
)
t.add_resource(cfnkeys)

# The single user is added to both groups; no group policies are visible in
# this listing.
users = UserToGroupAddition(
    "Users",
    GroupName=Ref(cfnusergroup),
    Users=[Ref(cfnuser)],
)
t.add_resource(users)

admins = UserToGroupAddition(
    "Admins",
    GroupName=Ref(cfnadmingroup),
    Users=[Ref(cfnuser)],
)
t.add_resource(admins)
from troposphere import Template, Ref, Output, GetAtt
from troposphere.iam import AccessKey, User

# Declares an IAM user for CircleCI with an active access key, exports the key
# id and secret as stack outputs, and prints the template when run as a script.
tpl = Template()
tpl.add_version('2010-09-09')
tpl.add_description("Create a CircleCI user with access to S3 bucket.")

# Resources
# NOTE(review): the description mentions S3 bucket access, but no policy is
# attached to the user in this listing - verify where the permissions are
# granted and that they are limited to the intended bucket.
superuser = User(title='czpycon2015circleci')
tpl.add_resource(superuser)

access_keys = AccessKey(
    "Troposphere",
    Status="Active",
    UserName=Ref(superuser),
)
tpl.add_resource(access_keys)

# Outputs
tpl.add_output(
    Output(
        "AccessKey",
        Value=Ref(access_keys),
        Description="AWSAccessKeyId",
    )
)
# NOTE(review): stack outputs are not masked, so this publishes the CI user's
# long-lived secret to any principal that can describe the stack. Prefer a
# secrets store, and rotate the key if the stack was ever broadly readable.
tpl.add_output(
    Output(
        "SecretKey",
        Value=GetAtt(access_keys, "SecretAccessKey"),
        Description="AWSSecretKey",
    )
)

if __name__ == '__main__':
    # The rendered JSON holds only the Fn::GetAtt reference; the secret value
    # itself appears in the stack outputs after deployment.
    print(tpl.to_json())
HostRecord = t.add_resource( RecordSetType( "HostRecord", Comment="DNS name for my instance.", Name=Join("", [Ref("SiteName"), ".", Ref("HostedZone"), "."]), HostedZoneName=Join("", [Ref("HostedZone"), "."]), ResourceRecords=[GetAtt("MainInstance", "PublicIp")], TTL="900", Type="A", DependsOn=["MainEIP"], )) HostKeys = t.add_resource( AccessKey( "HostKeys", UserName=Ref("PerforceHelixIAMUser"), )) MainServerSecurityGroup = t.add_resource( SecurityGroup( "MainServerSecurityGroup", SecurityGroupIngress=[{ "ToPort": "80", "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": "80" }, { "ToPort": "22", "IpProtocol": "tcp", "CidrIp": Ref("SSHLocation"), "FromPort": "22"