
Lambda Role Policy

Variables to change

  • Region: `us-east-1`
  • AWS account ID: `123456789012`
  • Name `certgen`, which is used in:
    • the EC2 instance role name passed to the instance via `iam:PassRole`
    • the SNS topic name used for notifications
    • the CloudWatch log group name / Lambda function name
    • the SSM parameter name for the P12 password
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LaunchEC2Instance",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:us-east-1:123456789012:network-interface/*",
                "arn:aws:ec2:us-east-1:123456789012:subnet/*",
                "arn:aws:ec2:us-east-1:123456789012:volume/*",
                "arn:aws:ec2:us-east-1:123456789012:key-pair/*",
                "arn:aws:ec2:us-east-1:123456789012:security-group/*",
                "arn:aws:ec2:*::image/*"
            ]
        },
        {
            "Sid": "LimitInstanceType",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:us-east-1:123456789012:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:InstanceType": "t3.micro"
                }
            }
        },
        {
            "Sid": "PassInstanceRole",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::123456789012:role/certgen-role-ec2"
            ]
        },
        {
            "Sid": "PublicCertGenTopic",
            "Effect": "Allow",
            "Action": [
                "sns:Publish"
            ],
            "Resource": [
                "arn:aws:sns:us-east-1:123456789012:certgen"
            ]
        },
        {
            "Sid": "CreateLogs",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:CreateLogGroup",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/certgen*"
            ]
        },
        {
            "Sid": "GetPasswordAndAMI",
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": [
                "arn:aws:ssm:us-east-1:123456789012:parameter/certgen/*/p12password",
                "arn:aws:ssm:us-east-1:*:parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2",
                "arn:aws:ssm:us-east-1:*:parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
            ]
        }
    ]
}