aws-cdk-playground-python/cdk_iam_lab_stack.py at main · Cloud-DevOps-Labs/aws-cdk-playground-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
from aws_cdk import (
    Stack,
    CfnOutput,
    aws_iam as iam
)
from constructs import Construct

class CdkIamLabStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Crear grupo de Power Users
        power_users_group = iam.Group(
            self, 'PowerUsersGroup',
            group_name='power-users'
        )

        # Adjuntar política PowerUserAccess al grupo
        power_users_group.add_managed_policy(
            iam.ManagedPolicy.from_aws_managed_policy_name('PowerUserAccess')
        )

        # Crear usuario IAM
        user = iam.User(
            self, 'PowerUser',
            user_name='power-user-cdk',
            groups=[power_users_group]
        )

        # Crear access key para el usuario
        access_key = iam.CfnAccessKey(
            self, 'PowerUserAccessKey',
            user_name=user.user_name
        )

        # Outputs para obtener las credenciales
#        CfnOutput(
#            self, 'AccessKeyId',
#            value=access_key.ref
#        )