-rw-r--r-- | generic-user.yaml | 24 | ||||
-rw-r--r-- | heat.yaml | 43 |
2 files changed, 39 insertions, 28 deletions
diff --git a/generic-user.yaml b/generic-user.yaml
new file mode 100644
index 00000000..ce6b84b8
--- /dev/null
+++ b/generic-user.yaml
@@ -0,0 +1,24 @@
+HeatTemplateFormatVersion: '2012-12-12'
+Description: 'HEAT Template - Heat Engine and API'
+Parameters:
+ AllowedResources:
+ Type: list
+Resources:
+ AccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: {Ref: AllowedResources}
+ User:
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: AccessPolicy } ]
+ Key:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: User
+Outputs:
+ AccessKeyId:
+ Ref: Key
+ SecretKey:
+ Fn::GetAtt: [ Key, SecretAccessKey ]
@@ -30,33 +30,20 @@ Parameters:
 AvailabilityZones:
 Type: List
 Default: [ 1 ]
+ TemplateURL:
+ Type: String
+ Default: https://raw.github.com/openstack-ops/templates/master/
 Resources:
- EngineAccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: [ HeatEngine ]
 EngineUser:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: EngineAccessPolicy } ]
- EngineKey:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: EngineUser
- ApiAccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: [ HeatAPILaunch ]
+ Type: AWS::CloudFormation::Stack
+ TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+ Parameters:
+ AccessList: [ HeatEngine ]
 ApiUser:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: ApiAccessPolicy } ]
- ApiKey:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: ApiUser
+ Type: AWS::CloudFormation::Stack
+ TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+ Parameters:
+ AccessList: [ HeatAPI, HeatAPILaunch ]
 HeatAPILaunch:
 Type: AWS::AutoScaling::LaunchConfiguration
 Metadata:
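Review bot: The `SecretKey` output at the end of generic-user.yaml publishes `Fn::GetAtt: [ Key, SecretAccessKey ]` as a stack output, so anyone allowed to describe this nested stack can read the secret, not only the parent template that consumes it. A comment above `Outputs:` should say so, for example `# SecretKey is exposed as a stack output; restrict who may describe this stack`. The `Description` is also copied from heat.yaml ('Heat Engine and API') although this template only creates a policy, a user and a key; `Description: 'Generic restricted user with access key'` would be accurate.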
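Review bot: Both nested stacks pass `AccessList`, but generic-user.yaml declares the parameter as `AllowedResources`, so as written the access policy would not receive the resource list (or stack creation would fail on the unknown parameter); the lines should read `AllowedResources: [ HeatEngine ]` and `AllowedResources: [ HeatAPI, HeatAPILaunch ]`. `Fn::Join` takes a delimiter followed by a list, so both URLs should be `TemplateURL: {Fn::Join: [ '', [ {Ref: TemplateURL}, 'generic-user.yaml' ] ]}`. The new `TemplateURL` default points at the `master` branch, so the template that issues users and access keys can change between deployments without heat.yaml changing; pinning the default to a tag or commit would keep the fetched template reviewable. Indentation is lost on this page, so whether `TemplateURL` and `Parameters` sit under a `Properties:` key cannot be confirmed from here.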
@@ -67,9 +54,9 @@ Resources:
 host: {Ref: RabbitMQHost}
 password: {Ref: RabbitMQPassword}
 access_key_id:
- Ref: ApiKey
+ Fn::GetAtt: [ ApiUser, AccessKeyId ]
 secret_key:
- Fn::GetAtt: [ ApiKey, SecretAccessKey ]
+ Fn::GetAtt: [ ApiUser, SecretAccessKey ]
 stack:
 name: {Ref: 'AWS::StackName'}
 region: {Ref: 'AWS::Region'}
@@ -99,9 +86,9 @@ Resources:
 host: {Ref: RabbitMQHost}
 password: {Ref: RabbitMQPassword}
 access_key_id:
- Ref: EngineKey
+ Fn::GetAtt: [ EngineUser, AccessKeyId ]
 secret_key:
- Fn::GetAtt: [ EngineKey, SecretAccessKey ]
+ Fn::GetAtt: [ EngineUser, SecretAccessKey ]
 stack:
 name: {Ref: 'AWS::StackName'}
 region: {Ref: 'AWS::Region'}
|
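Review bot: The new `secret_key` lookups ask for `SecretAccessKey`, but generic-user.yaml exports that value under the output name `SecretKey`, so `Fn::GetAtt: [ ApiUser, SecretAccessKey ]` here and `Fn::GetAtt: [ EngineUser, SecretAccessKey ]` in the `@@ -99,9 +86,9 @@` hunk would not resolve to the nested stack's secret. In CloudFormation syntax nested-stack outputs are also addressed with an `Outputs.` prefix, so the pairs would normally be written `Fn::GetAtt: [ ApiUser, Outputs.AccessKeyId ]` and `Fn::GetAtt: [ ApiUser, Outputs.SecretKey ]`, and likewise for `EngineUser`. Either rename the output in generic-user.yaml or the attribute here, so a missing credential fails at template validation rather than at service start. The Metadata blocks these lines belong to start outside both hunks.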