
Policy


The following is an AWS CloudFormation YAML template. It creates the IAM policy and IAM role required by an AWS Lambda function.

Resources:
  CostExplorerLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: CostExplorerLambdaPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:*:*:*
              - Effect: Allow
                Action:
                  - ce:GetCostAndUsage
                Resource: '*'
              - Effect: Allow
                Action:
                  - sns:Publish
                Resource: !Sub 'arn:aws:sns:${AWS::Region}:${AWS::AccountId}:*'

Creating a CloudFormation stack from this YAML file creates the required IAM policy and IAM role. The IAM role can then be associated with an AWS Lambda function.

In the YAML template, the IAM policy grants AWS Lambda permission to write logs to CloudWatch Logs, permission to use the AWS Cost Explorer API, and permission to publish to Amazon SNS. The SNS topic resource is assumed to be in the same AWS account and region.
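
A tighter variant of the role above, added here as an example and not part of the original article: it limits the log statement to one function's log group and `sns:Publish` to a single topic, rather than `arn:aws:logs:*:*:*` and every topic in the account and region. The `FunctionName` and `AlertTopicName` parameters are assumptions introduced for illustration.

```yaml
# Added example: least-privilege variant of CostExplorerLambdaRole.
# FunctionName and AlertTopicName are hypothetical parameters, not from the original.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  FunctionName:
    Type: String
    Description: Name of the Lambda function that will use this role (assumed)
  AlertTopicName:
    Type: String
    Description: Name of the one SNS topic the function publishes to (assumed)
Resources:
  CostExplorerLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: CostExplorerLambdaPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Logging limited to this function's own log group and its streams
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${FunctionName}'
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${FunctionName}:*'
              # Cost Explorer statement kept exactly as in the original template
              - Effect: Allow
                Action:
                  - ce:GetCostAndUsage
                Resource: '*'
              # Publish limited to one named topic instead of a trailing wildcard
              - Effect: Allow
                Action:
                  - sns:Publish
                Resource: !Sub 'arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${AlertTopicName}'
```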
