Getting the ARN of a user other than root in a CloudFormation template for Key Management Service (AWS)

user4108565

I am currently writing a CloudFormation Template (CFT) for KMS (Key Management Service) where I want to give key administrative permissions and key usage permissions to users other than root. I want this to be called dynamically through the CFT. As of now, I am able to give root those permissions. Following is the policy:

{
    "Sid": "Allow attachment of persistent resources",
    "Effect": "Allow",
    "Principal": {
        "AWS": [
            "arn:aws:iam::111122223333:user/KMSUser",
            {
                "Fn::Join": [
                    ":",
                    [
                        "arn:aws:iam:",
                        {
                            "Ref": "AWS::AccountId"
                        },
                        "root"
                    ]
                ]
            }
        ]
    },
    "Action": [
        "kms:CreateGrant",
        "kms:ListGrants",
        "kms:RevokeGrant"
    ],
    "Resource": "*",
    "Condition": {
        "Bool": {
            "kms:GrantIsForAWSResource": true
        }
    }
}

How can I get the ARN and the username dynamically?

krisnik

You can make use of Parameters.

Define a parameter for the username:

"Username": {
  "Description": "Username details",
  "Type": "String"
}

In the role name definition, point to the parameter instead of hardcoding it to root:

"Fn::Join": [
    ":",
    [
        "arn:aws:iam:",
        {
            "Ref": "AWS::AccountId"
        },
        {
            "Fn::Join": [
                "/",
                [
                    "user",
                    {
                        "Ref": "Username"
                    }
                ]
            ]
        }
    ]
]
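The following is an added example, not part of the question or the answer above. It builds a parameterised KMS key policy in the same style (a `Fn::Join` over `AWS::AccountId` and a `Username` parameter, plus the terser `Fn::Sub` form for the key administrator), resolves the intrinsic functions the way CloudFormation would, and checks that every principal that comes out is a well-formed IAM user ARN or the account root. The resolver is a small hand-written approximation of `Ref`, `Fn::Join` and `Fn::Sub`, not the CloudFormation service; the account id `111122223333` and the parameter names `AdminUser` and `Username` are constructed for the example.

```python
"""Render a parameterised KMS key policy as CloudFormation would and check its principals.

Added example: the account id and parameter names below are constructed, and
`resolve` is a hand-written approximation of CloudFormation's Ref / Fn::Join /
Fn::Sub intrinsic functions, not the real service.
"""
import json
import re


def user_arn_join(param_name):
    """User ARN built with Fn::Join, as in the answer, plus the 'user/' prefix a user ARN needs."""
    return {"Fn::Join": [":", [
        "arn:aws:iam:",
        {"Ref": "AWS::AccountId"},
        {"Fn::Join": ["/", ["user", {"Ref": param_name}]]},
    ]]}


def naive_join(param_name):
    """Join that only swaps 'root' for the parameter; yields an ARN without 'user/' (the pitfall)."""
    return {"Fn::Join": [":", ["arn:aws:iam:", {"Ref": "AWS::AccountId"}, {"Ref": param_name}]]}


def key_policy(admin_param="AdminUser", usage_param="Username"):
    """Key policy with a dedicated administrator and a separate usage principal (both parameters)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "Allow administration of the key",
             "Effect": "Allow",
             # Fn::Sub form: same result as user_arn_join, easier to read.
             "Principal": {"AWS": {"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:user/${%s}" % admin_param}},
             "Action": ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
                        "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
                        "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"],
             "Resource": "*"},
            {"Sid": "Allow use of the key",
             "Effect": "Allow",
             "Principal": {"AWS": [user_arn_join(usage_param)]},
             "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                        "kms:GenerateDataKey*", "kms:DescribeKey"],
             "Resource": "*"},
            {"Sid": "Allow attachment of persistent resources",
             "Effect": "Allow",
             "Principal": {"AWS": [user_arn_join(usage_param)]},
             "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
             "Resource": "*",
             "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
        ],
    }


def resolve(node, params):
    """Recursively evaluate Ref, Fn::Join and Fn::Sub against the given parameter values."""
    if isinstance(node, dict) and len(node) == 1:
        if "Ref" in node:
            return params[node["Ref"]]
        if "Fn::Join" in node:
            sep, parts = node["Fn::Join"]
            return sep.join(resolve(p, params) for p in parts)
        if "Fn::Sub" in node:
            return re.sub(r"\$\{([^}]+)\}", lambda m: params[m.group(1)], node["Fn::Sub"])
    if isinstance(node, dict):
        return {k: resolve(v, params) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(x, params) for x in node]
    return node


def render(params):
    """Resolve the whole key policy for one set of stack parameters."""
    return resolve(key_policy(), params)


USER_ARN = re.compile(r"^arn:aws:iam::\d{12}:user/[\w+=,.@-]+$")
ROOT_ARN = re.compile(r"^arn:aws:iam::\d{12}:root$")


def principals(rendered):
    """Flatten every Principal.AWS entry of a rendered policy into one list, in order."""
    out = []
    for stmt in rendered["Statement"]:
        p = stmt["Principal"]["AWS"]
        out.extend(p if isinstance(p, list) else [p])
    return out


def check_principals(rendered):
    """Return principals that are neither an IAM user ARN nor the account root (empty = all well formed)."""
    return [p for p in principals(rendered) if not (USER_ARN.match(p) or ROOT_ARN.match(p))]


if __name__ == "__main__":
    # Constructed sample parameters, standing in for what the stack would supply.
    sample = {"AWS::AccountId": "111122223333", "AdminUser": "kms-admin", "Username": "app-user"}
    policy = render(sample)
    print(json.dumps(policy, indent=2))
    print("malformed principals:", check_principals(policy))
    print("naive join gives:", resolve(naive_join("Username"), sample))
```

Two things worth noting from a defender's point of view. First, the `Fn::Join` in the answer only substitutes the parameter for the literal `root`, so a value such as `app-user` renders as `arn:aws:iam::111122223333:app-user`, which is not a user ARN; either the parameter must carry the `user/` prefix itself or the template must add it, as `user_arn_join` does. Second, when you move key administration off the account root, make sure some principal in the key policy retains `kms:PutKeyPolicy` (the administrator statement above does), because KMS refuses a key policy that would leave nobody able to change it unless the lockout safety check is explicitly bypassed.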
