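# Inline IAM policy on aws_iam_role.codebuild that lets it read from a single
# CodeCommit repository (clone/pull plus Get*/List*/Describe* metadata calls).
#
# The grant is limited to one repository ARN built from the current region,
# the calling account and var.reponame.
#
# NOTE(review): var.reponame is placed in the ARN as-is. A value containing a
# wildcard would widen the grant to every matching repository in the
# account/region; consider a validation block where the variable is declared.
# NOTE(review): the "aws" partition is hard-coded in the ARN, so this will not
# match repositories in other partitions (e.g. aws-us-gov, aws-cn). If those
# must be supported, take the partition from an aws_partition data source.
resource "aws_iam_role_policy" "codecommit" {
  # Created only when a repository name is supplied. The role is addressed with
  # count.index, so aws_iam_role.codebuild presumably carries a compatible
  # count - verify against its definition.
  count = var.reponame == "" ? 0 : 1

  name = "codecommit-${var.name}"
  role = aws_iam_role.codebuild[count.index].id

  # jsonencode (rather than a raw heredoc) so that interpolated values are
  # JSON-escaped and the rendered document is always well-formed.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Sid is the IAM console visual editor default; kept unchanged so the
        # rendered policy stays the same.
        Sid    = "VisualEditor0"
        Effect = "Allow"
        Action = [
          "codecommit:GetTree",
          "codecommit:ListPullRequests",
          "codecommit:GetBlob",
          "codecommit:GetReferences",
          "codecommit:GetCommentsForComparedCommit",
          "codecommit:GetCommit",
          "codecommit:GetComment",
          "codecommit:GetCommitHistory",
          "codecommit:GetCommitsFromMergeBase",
          "codecommit:DescribePullRequestEvents",
          "codecommit:GetPullRequest",
          "codecommit:ListBranches",
          "codecommit:GetRepositoryTriggers",
          "codecommit:GitPull",
          "codecommit:BatchGetRepositories",
          "codecommit:GetCommentsForPullRequest",
          "codecommit:GetObjectIdentifier",
          # NOTE(review): the only action in this list that is not a
          # Get*/List*/Describe*/BatchGet*/GitPull call. Confirm the build
          # role actually needs it; drop it if not (least privilege).
          "codecommit:CancelUploadArchive",
          "codecommit:GetFolder",
          "codecommit:BatchGetPullRequests",
          "codecommit:GetFile",
          "codecommit:GetUploadArchiveStatus",
          "codecommit:GetDifferences",
          "codecommit:GetRepository",
          "codecommit:GetBranch",
          "codecommit:GetMergeConflicts",
        ]
        Resource = "arn:aws:codecommit:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${var.reponame}"
      },
    ]
  })
}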