{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "IAM Role for Code Pipeline WebGoat IaaS Quickstart", "Parameters": { "qsS3BucketName": { "Description": "Name of the S3 Bucket for artifacts", "Type": "String", "MinLength": "1" }, "qsRoleName": { "Description": "Name of the IAM role that CodePipeline Will Use", "Type": "String", "Default": "SimpleCodePipelineRole", "MinLength": "1" } }, "Resources": { "qsCodePipelineRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "codepipeline.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "Path": "/webgoat/", "RoleName": { "Ref": "qsRoleName" }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess" ], "Policies": [ { "PolicyName": "CloudWatchLogsPipeline", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": [ {"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/*" ] ]} ], "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ] } ] } }, { "PolicyName": "MiscComputeOpen", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "lambda:InvokeFunction", "lambda:ListFunctions", "elasticbeanstalk:*", "ec2:*", "elasticloadbalancing:*", "autoscaling:*", "cloudwatch:*", "s3:*", "sns:*", "cloudformation:*", "rds:*", "sqs:*", "ecs:*", "iam:PassRole" ] } ] } }, { "PolicyName": "S3buckets", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "qsS3BucketName" }, "*" ] ] }, "arn:aws:s3:::codepipeline-*", "arn:aws:s3:::elasticbeanstalk*" ], "Action": [ "s3:Put*", "s3:Get*", "s3:List*" ] } ] } } ] } } } }