{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "IAM Roles for Code Build WebGoat IaaS Quickstart", "Parameters": { "qsS3BucketName": { "Description": "Name of the S3 Bucket for artifacts", "Type": "String", "MinLength": "1" }, "qsRoleName": { "Description": "Name of the IAM role that CodeBuild Will Use", "Type": "String", "Default": "SimpleCodeBuildRole", "MinLength": "1" } }, "Resources": { "qsCodeBuildRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "codebuild.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/webgoat/", "RoleName": { "Ref": "qsRoleName" }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess" ], "Policies": [ { "PolicyName": "CloudWatchLogs", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": [ {"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/codebuild*" ] ]} ], "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ] } ] } }, { "PolicyName": "S3buckets", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "qsS3BucketName" }, "*" ] ] }, "arn:aws:s3:::codepipeline-*" ], "Action": [ "s3:Put*", "s3:Get*", "s3:List*" ] } ] } } ] } } } }