yaml-sample のバックアップ(No.1) - erion1107自分用-PukiWiki

バックアップ一覧
差分を表示
現在との差分を表示
ソースを表示
yaml-sample へ行く。
- 1 (2023-10-02 (月) 13:47:06)

Resources:
  ECRRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: YourRepositoryName

  ECRRepositoryRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: test001
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecr.amazonaws.com
            Action: sts:AssumeRole

  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: LambdaExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: LambdaECRIntegrationPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - ecr:GetAuthorizationToken
                  - ecr:GetDownloadUrlForLayer
                  - ecr:BatchCheckLayerAvailability
                  - ecr:GetRepositoryPolicy
                  - ecr:DescribeRepositories
                  - ecr:ListImages
                  - ecr:GetLifecyclePolicy
                  - ecr:GetLifecyclePolicyPreview
                  - ecr:GetRepositoryPolicy
                  - ecr:DescribeImages
                  - ecr:GetImageScanFindings
                  - ecr:InitiateLayerUpload
                  - ecr:UploadLayerPart
                  - ecr:CompleteLayerUpload
                  - ecr:PutImage
                Resource: !GetAtt ECRRepository.Arn

  AnotherRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: AnotherRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com # または必要なサービス
            Action: sts:AssumeRole

  ECRRepositoryPolicy:
    Type: AWS::ECR::RepositoryPolicy
    Properties:
      RepositoryName: !Ref ECRRepository
      PolicyText:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: !GetAtt AnotherRole.Arn # 別のIAMロールのARNを指定
            Action:
              - ecr:GetDownloadUrlForLayer
              - ecr:BatchCheckLayerAvailability
              - ecr:GetRepositoryPolicy
              - ecr:DescribeRepositories
              - ecr:ListImages
              - ecr:GetLifecyclePolicy
              - ecr:GetLifecyclePolicyPreview
              - ecr:GetRepositoryPolicy
              - ecr:DescribeImages
              - ecr:GetImageScanFindings
              - ecr:InitiateLayerUpload
              - ecr:UploadLayerPart
              - ecr:CompleteLayerUpload
              - ecr:PutImage

Name †

↑

Contents †

Name
Contents
What's XX
Discribe
1.
- 1.1.
  - 1.1.1

↑

What's XX †

XX is ～

↑

Discribe †

XX discribe is ～

example.

XXX = XX + X

↑

1. †

↑

1.1. †

↑

1.1.1 †

①
1. ②
  1. ③

・１
- ・２
  - ・３

[[kiji-template]]

* Name

* Contents
#contents


* What's XX
XX is ～

* Discribe
XX discribe is ～

example.
 XXX = XX + X



* 1.

** 1.1.

*** 1.1.1

+ ①
++ ②
+++ ③

- ・１
-- ・２
--- ・３

|　|　|h
|　|　|
|　|　|

----