-rw-r--r-- | generic-user.yaml | 24 | ||||
-rw-r--r-- | heat.yaml | 40 |
2 files changed, 28 insertions, 36 deletions
diff --git a/generic-user.yaml b/generic-user.yaml
deleted file mode 100644
index a14f1c6c..00000000
--- a/generic-user.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-HeatTemplateFormatVersion: '2012-12-12'
-Description: 'HEAT Template - Heat Engine and API'
-Parameters:
- AllowedResources:
- Type: CommaDelimitedList
-Resources:
- AccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: {Ref: AllowedResources}
- User:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: AccessPolicy } ]
- Key:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: User
-Outputs:
- AccessKeyId:
- Ref: Key
- SecretKey:
- Fn::GetAtt: [ Key, SecretAccessKey ]
@@ -34,16 +34,32 @@ Parameters:
 Type: String
 Default: https://raw.github.com/openstack-ops/templates/master/
 Resources:
+ EngineAccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: [ HeatEngine ]
 EngineUser:
- Type: AWS::CloudFormation::Stack
- TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
- Parameters:
- AccessList: [ HeatEngine ]
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: EngineAccessPolicy } ]
+ EngineKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: EngineUser
+ ApiAccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: [ HeatAPI, HeatAPILaunch ]
 ApiUser:
- Type: AWS::CloudFormation::Stack
- TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
- Parameters:
- AccessList: [ HeatAPI, HeatAPILaunch ]
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: ApiAccessPolicy } ]
+ ApiKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: ApiUser
 HeatAPILaunch:
 Type: AWS::AutoScaling::LaunchConfiguration
 Metadata:
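Review bot: `EngineAccessPolicy` allows only `HeatEngine`, while `ApiAccessPolicy` allows both `HeatAPI` and `HeatAPILaunch`, and nothing in the `@@ -34,16 +34,32 @@` hunk says why the two scopes differ. The API credentials appear to be consumed from the `HeatAPILaunch` metadata, but the resource carrying the engine's metadata is not visible in this diff. It is worth confirming that it is the one named `HeatEngine`, and that the API user really needs both entries. A comment above each policy, such as `# resources this user's key may describe; must include the resource that carries its Metadata`, would keep the lists minimal when resources are renamed. The Resources block continues past the end of the hunk.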
@@ -54,9 +70,9 @@ Resources:
 host: {Ref: RabbitMQHost}
 password: {Ref: RabbitMQPassword}
 access_key_id:
- Fn::GetAtt: [ ApiUser, AccessKeyId ]
+ Ref: ApiKey
 secret_key:
- Fn::GetAtt: [ ApiUser, SecretAccessKey ]
+ Fn::GetAtt: [ ApiKey, SecretAccessKey ]
 stack:
 name: {Ref: 'AWS::StackName'}
 region: {Ref: 'AWS::Region'}
@@ -86,9 +102,9 @@ Resources:
 host: {Ref: RabbitMQHost}
 password: {Ref: RabbitMQPassword}
 access_key_id:
- Fn::GetAtt: [ EngineUser, AccessKeyId ]
+ Ref: EngineKey
 secret_key:
- Fn::GetAtt: [ EngineUser, SecretAccessKey ]
+ Fn::GetAtt: [ EngineKey, SecretAccessKey ]
 stack:
 name: {Ref: 'AWS::StackName'}
 region: {Ref: 'AWS::Region'}
|
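Review bot: `secret_key` in the `@@ -54,9 +70,9 @@` hunk and again in the `@@ -86,9 +102,9 @@` hunk still resolves the IAM secret into what appears to be resource metadata, next to `password: {Ref: RabbitMQPassword}`. Anyone permitted to describe that resource can therefore read a long-lived credential. The commit changes only where the value comes from (`ApiKey` / `EngineKey`), not how it is exposed. A comment on each block, such as `# secret_key is readable through this resource's metadata; keep the matching AccessPolicy list minimal`, would record that the access policies are the only thing limiting who can read it. The enclosing metadata blocks start and end outside both hunks, so how the values are consumed on the instance is not visible here.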