Skip to content

Commit

Permalink
Cloudformation yml to create elast-agent user and generate direct acc…
Browse files Browse the repository at this point in the history 
…ess key
  • Loading branch information
@moukoublen
moukoublen committed Mar 27, 2024
1 parent 91a8049 commit e033ea9
Showing 1 changed file with 48 additions and 0 deletions.
48 changes: 48 additions & 0 deletions deploy/cloudformation/elastic-agent-direct-access-key-cspm.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
AWSTemplateFormatVersion: "2010-09-09"

Description: Creates elastic-agent cspm user, role, and access key, and outputs the access key

Parameters: {}

Resources:
ElasticCSPMUser:
Type: "AWS::IAM::User"
Properties:
UserName: "elasticagent-cspm"

# IAM Role to assume for Management Account
ElasticCSPMRole:
Type: AWS::IAM::Role
Properties:
RoleName: cloudbeat-root
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
AWS: !GetAtt ElasticCSPMUser.Arn
Action:
- sts:AssumeRole
Path: /
ManagedPolicyArns:
- arn:aws:iam::aws:policy/SecurityAudit

ElasticCSPMAccessKey:
Type: "AWS::IAM::AccessKey"
Properties:
UserName: !Ref ElasticCSPMUser


Outputs:
AccessKeyId:
Description: "Access Key ID"
Value: !Ref ElasticCSPMAccessKey
Export:
Name: "AccessKeyId"

SecretAccessKey:
Description: "Secret Access Key"
Value: !GetAtt ElasticCSPMAccessKey.SecretAccessKey
Export:
Name: "SecretAccessKey"

0 comments on commit e033ea9

Please sign in to comment.