--- /dev/null
+HeatTemplateFormatVersion: '2012-12-12'
+Description: 'HEAT Template - Heat Engine and API'
+Parameters:
+ AllowedResources:
+ Type: list
+Resources:
+ AccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: {Ref: AllowedResources}
+ User:
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: AccessPolicy } ]
+ Key:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: User
+Outputs:
+ AccessKeyId:
+ Ref: Key
+ SecretKey:
+ Fn::GetAtt: [ Key, SecretAccessKey ]
AvailabilityZones:
Type: List
Default: [ 1 ]
+ TemplateURL:
+ Type: String
+ Default: https://raw.github.com/openstack-ops/templates/master/
Resources:
- EngineAccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: [ HeatEngine ]
EngineUser:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: EngineAccessPolicy } ]
- EngineKey:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: EngineUser
- ApiAccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: [ HeatAPILaunch ]
+ Type: AWS::CloudFormation::Stack
+ TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+ Parameters:
+ AccessList: [ HeatEngine ]
ApiUser:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: ApiAccessPolicy } ]
- ApiKey:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: ApiUser
+ Type: AWS::CloudFormation::Stack
+ TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+ Parameters:
+ AccessList: [ HeatAPI, HeatAPILaunch ]
HeatAPILaunch:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
host: {Ref: RabbitMQHost}
password: {Ref: RabbitMQPassword}
access_key_id:
- Ref: ApiKey
+ Fn::GetAtt: [ ApiUser, AccessKeyId ]
secret_key:
- Fn::GetAtt: [ ApiKey, SecretAccessKey ]
+ Fn::GetAtt: [ ApiUser, SecretAccessKey ]
stack:
name: {Ref: 'AWS::StackName'}
region: {Ref: 'AWS::Region'}
host: {Ref: RabbitMQHost}
password: {Ref: RabbitMQPassword}
access_key_id:
- Ref: EngineKey
+ Fn::GetAtt: [ EngineUser, AccessKeyId ]
secret_key:
- Fn::GetAtt: [ EngineKey, SecretAccessKey ]
+ Fn::GetAtt: [ EngineUser, SecretAccessKey ]
stack:
name: {Ref: 'AWS::StackName'}
region: {Ref: 'AWS::Region'}