+++ /dev/null
-HeatTemplateFormatVersion: '2012-12-12'
-Description: 'HEAT Template - Heat Engine and API'
-Parameters:
- AllowedResources:
- Type: CommaDelimitedList
-Resources:
- AccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: {Ref: AllowedResources}
- User:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: AccessPolicy } ]
- Key:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: User
-Outputs:
- AccessKeyId:
- Ref: Key
- SecretKey:
- Fn::GetAtt: [ Key, SecretAccessKey ]
Type: String
Default: https://raw.github.com/openstack-ops/templates/master/
Resources:
+ EngineAccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: [ HeatEngine ]
EngineUser:
- Type: AWS::CloudFormation::Stack
- TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
- Parameters:
- AccessList: [ HeatEngine ]
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: EngineAccessPolicy } ]
+ EngineKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: EngineUser
+ ApiAccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: [ HeatAPI, HeatAPILaunch ]
ApiUser:
- Type: AWS::CloudFormation::Stack
- TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
- Parameters:
- AccessList: [ HeatAPI, HeatAPILaunch ]
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: ApiAccessPolicy } ]
+ ApiKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: ApiUser
HeatAPILaunch:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
host: {Ref: RabbitMQHost}
password: {Ref: RabbitMQPassword}
access_key_id:
- Fn::GetAtt: [ ApiUser, AccessKeyId ]
+ Ref: ApiKey
secret_key:
- Fn::GetAtt: [ ApiUser, SecretAccessKey ]
+ Fn::GetAtt: [ ApiKey, SecretAccessKey ]
stack:
name: {Ref: 'AWS::StackName'}
region: {Ref: 'AWS::Region'}
host: {Ref: RabbitMQHost}
password: {Ref: RabbitMQPassword}
access_key_id:
- Fn::GetAtt: [ EngineUser, AccessKeyId ]
+ Ref: EngineKey
secret_key:
- Fn::GetAtt: [ EngineUser, SecretAccessKey ]
+ Fn::GetAtt: [ EngineKey, SecretAccessKey ]
stack:
name: {Ref: 'AWS::StackName'}
region: {Ref: 'AWS::Region'}