initial add of cloudformation for platform seeding purposes
This commit is contained in:
Nicholas J. Parks
committed by
Nanne Baars
Nanne Baars
parent
fbb389a7b4
commit
c3d18d5582
101
platformQuickStarts/AWS/codepipelinebuild/01_IAM_codebuild.json
Normal file
101
platformQuickStarts/AWS/codepipelinebuild/01_IAM_codebuild.json
Normal file
@ -0,0 +1,101 @@
|
||||
{
|
||||
"AWSTemplateFormatVersion": "2010-09-09",
|
||||
"Description": "IAM Roles for Code Build WebGoat IaaS Quickstart",
|
||||
"Parameters": {
|
||||
"qsS3BucketName": {
|
||||
"Description": "Name of the S3 Bucket for artifacts",
|
||||
"Type": "String",
|
||||
"MinLength": "1"
|
||||
},
|
||||
"qsRoleName": {
|
||||
"Description": "Name of the IAM role that CodeBuild Will Use",
|
||||
"Type": "String",
|
||||
"Default": "SimpleCodeBuildRole",
|
||||
"MinLength": "1"
|
||||
}
|
||||
},
|
||||
"Resources": {
|
||||
"qsCodeBuildRole": {
|
||||
"Type": "AWS::IAM::Role",
|
||||
"Properties": {
|
||||
"AssumeRolePolicyDocument": {
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"Service": [
|
||||
"codebuild.amazonaws.com"
|
||||
]
|
||||
},
|
||||
"Action": [
|
||||
"sts:AssumeRole"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"Path": "/webgoat/",
|
||||
"RoleName": {
|
||||
"Ref": "qsRoleName"
|
||||
},
|
||||
"ManagedPolicyArns": [
|
||||
"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
|
||||
"arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
|
||||
"arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess"
|
||||
],
|
||||
"Policies": [
|
||||
{
|
||||
"PolicyName": "CloudWatchLogs",
|
||||
"PolicyDocument": {
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
{"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/codebuild*" ] ]}
|
||||
],
|
||||
"Action": [
|
||||
"logs:CreateLogGroup",
|
||||
"logs:CreateLogStream",
|
||||
"logs:PutLogEvents"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"PolicyName": "S3buckets",
|
||||
"PolicyDocument": {
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
{
|
||||
"Fn::Join": [
|
||||
"",
|
||||
[
|
||||
"arn:aws:s3:::",
|
||||
{
|
||||
"Ref": "qsS3BucketName"
|
||||
},
|
||||
"*"
|
||||
]
|
||||
]
|
||||
},
|
||||
"arn:aws:s3:::codepipeline-*"
|
||||
],
|
||||
"Action": [
|
||||
"s3:Put*",
|
||||
"s3:Get*",
|
||||
"s3:List*"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user