Update

Author: mrichman

CloudFormation/Creating-Lambda-Backed-Custom-Resources/cf.yaml

@@ -30,6 +30,65 @@ Metadata:
           - ConfirmPassword
 
 Resources:
+
+  CFNUser:
+    Type: AWS::IAM::User
+    Properties:
+      LoginProfile:
+        Password: !Ref Password
+  
+  CFNUserGroup:
+    Type: AWS::IAM::Group
+  
+  CFNAdminGroup:
+    Type: AWS::IAM::Group
+  
+  Users:
+    Type: AWS::IAM::UserToGroupAddition
+    Properties:
+      GroupName: !Ref CFNUserGroup
+      Users:
+        - !Ref CFNUser
+  
+  Admins:
+    Type: AWS::IAM::UserToGroupAddition
+    Properties:
+      GroupName: !Ref CFNAdminGroup
+      Users:
+        - !Ref CFNUser
+  
+  CFNUserPolicies:
+    Type: AWS::IAM::Policy
+    Properties:
+      PolicyName: CFNUsers
+      PolicyDocument:
+        Statement:
+          - Effect: Allow
+            Action:
+              - 'cloudformation:Describe*'
+              - 'cloudformation:List*'
+              - 'cloudformation:Get*'
+            Resource: '*'
+      Groups:
+        - !Ref CFNUserGroup
+  
+  CFNAdminPolicies:
+    Type: AWS::IAM::Policy
+    Properties:
+      PolicyName: CFNAdmins
+      PolicyDocument:
+        Statement:
+          - Effect: Allow
+            Action: 'cloudformation:*'
+            Resource: '*'
+      Groups:
+        - !Ref CFNAdminGroup
+  
+  CFNKeys:
+    Type: AWS::IAM::AccessKey
+    Properties:
+      UserName: !Ref CFNUser
+
   LambdaExecutionRole:
     Type: AWS::IAM::Role
     Properties:
@@ -53,7 +112,7 @@ Resources:
                   - 'logs:CreateLogStream'
                   - 'logs:PutLogEvents'
                 Resource: 'arn:aws:logs:*:*:*'
-  
+
   CheckPasswordsFunction:
     Type: AWS::Lambda::Function
     Properties:
@@ -95,69 +154,9 @@ Resources:
   TestPasswords:
     Type: Custom::LambdaCallout
     Properties:
-      ServiceToken: !GetAtt 
-        - CheckPasswordsFunction
-        - Arn
+      ServiceToken: !GetAtt CheckPasswordsFunction.Arn
       Password: !Ref Password
       ConfirmPassword: !Ref ConfirmPassword
-  
-  CFNUser:
-    Type: AWS::IAM::User
-    Properties:
-      LoginProfile:
-        Password: !Ref Password
-  
-  CFNUserGroup:
-    Type: 'AWS::IAM::Group'
-  
-  CFNAdminGroup:
-    Type: AWS::IAM::Group
-  
-  Users:
-    Type: AWS::IAM::UserToGroupAddition
-    Properties:
-      GroupName: !Ref CFNUserGroup
-      Users:
-        - !Ref CFNUser
-  
-  Admins:
-    Type: AWS::IAM::UserToGroupAddition
-    Properties:
-      GroupName: !Ref CFNAdminGroup
-      Users:
-        - !Ref CFNUser
-  
-  CFNUserPolicies:
-    Type: AWS::IAM::Policy
-    Properties:
-      PolicyName: CFNUsers
-      PolicyDocument:
-        Statement:
-          - Effect: Allow
-            Action:
-              - 'cloudformation:Describe*'
-              - 'cloudformation:List*'
-              - 'cloudformation:Get*'
-            Resource: '*'
-      Groups:
-        - !Ref CFNUserGroup
-  
-  CFNAdminPolicies:
-    Type: AWS::IAM::Policy
-    Properties:
-      PolicyName: CFNAdmins
-      PolicyDocument:
-        Statement:
-          - Effect: Allow
-            Action: 'cloudformation:*'
-            Resource: '*'
-      Groups:
-        - !Ref CFNAdminGroup
-  
-  CFNKeys:
-    Type: AWS::IAM::AccessKey
-    Properties:
-      UserName: !Ref CFNUser
 
 Outputs:
   AccessKey: