CloudFormation – Create user

CloudFormation template

This CloudFormation template does the following:

  1. Creates a user "JohnDoe".
  2. Assigns him an IAM policy named IAMUserChangePassword, which allows him to change his password.
  3. At first login the user will be prompted to change his password. This is achieved with the 'PasswordResetRequired: "true"' declaration.
  4. When creating the stack, the creator of the stack is prompted for a default password for this user.

By default this user has no other rights except changing his own password.

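AWSTemplateFormatVersion: "2010-09-09"
Description: >
  This template creates an IAM user named 'JohnDoe'
  and permissions for him to change his password.
Parameters:
  password:
    NoEcho: true  # mask the value in console, CLI and API output
    Description: Password for the IAM User
    Type: String
Resources:

  johndoe:
    Type: AWS::IAM::User
    Properties:
      # Explicit name; without it CloudFormation generates one from the stack
      # name and logical ID. A custom-named IAM resource requires the
      # CAPABILITY_NAMED_IAM acknowledgement when the stack is created.
      UserName: JohnDoe
      ManagedPolicyArns:
        # AWS managed policy: lets the user change only his own password
        - arn:aws:iam::aws:policy/IAMUserChangePassword
      LoginProfile:
        Password: !Ref password  # initial password supplied at stack creation
        PasswordResetRequired: "true"  # force a password change at first sign-in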
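
A pre-deployment check for the three properties this template relies on (NoEcho password parameter, forced reset, no rights beyond IAMUserChangePassword). This is an added example, not part of the original post; `audit_template` and `make_template` are hypothetical names, and the check assumes the template has already been parsed into a dict in JSON form, where `!Ref password` is `{"Ref": "password"}`.

```python
CHANGE_PW = "arn:aws:iam::aws:policy/IAMUserChangePassword"

def is_true(value):
    # CloudFormation accepts both the boolean true and the string "true"
    return str(value).lower() == "true"

def audit_template(tpl):
    """Return findings for every AWS::IAM::User resource in a parsed template."""
    findings = []
    params = tpl.get("Parameters", {})
    for name, res in tpl.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::User":
            continue
        props = res.get("Properties", {})
        login = props.get("LoginProfile")
        if login:
            pw = login.get("Password")
            ref = pw.get("Ref") if isinstance(pw, dict) else None
            if ref is None:
                findings.append(f"{name}: password is hard-coded in the template")
            elif not is_true(params.get(ref, {}).get("NoEcho", False)):
                findings.append(f"{name}: parameter '{ref}' lacks NoEcho")
            if not is_true(login.get("PasswordResetRequired", False)):
                findings.append(f"{name}: PasswordResetRequired is not true")
        extra = [a for a in props.get("ManagedPolicyArns", []) if a != CHANGE_PW]
        if extra or props.get("Policies") or props.get("Groups"):
            findings.append(f"{name}: grants more than IAMUserChangePassword")
    return findings

def make_template(no_echo, reset, arns):
    # Constructed sample input mirroring the structure of the template above
    return {
        "Parameters": {"password": {"Type": "String", "NoEcho": no_echo}},
        "Resources": {"johndoe": {"Type": "AWS::IAM::User", "Properties": {
            "UserName": "JohnDoe",
            "ManagedPolicyArns": arns,
            "LoginProfile": {"Password": {"Ref": "password"},
                             "PasswordResetRequired": reset}}}},
    }

GOOD = make_template(True, "true", [CHANGE_PW])
WEAK = make_template(False, "false",
                     [CHANGE_PW, "arn:aws:iam::aws:policy/AdministratorAccess"])

if __name__ == "__main__":
    for label, tpl in (("page template", GOOD), ("weakened variant", WEAK)):
        print(label, "->", audit_template(tpl) or "OK")
```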
