Merge pull request #27 from rrigato/dev
remove ProdCodeBuildRole and ProdArtifactsBucket
rrigato authored Dec 16, 2023
2 parents f5df700 + 83a6416 commit df27ec6
Showing 1 changed file with 1 addition and 136 deletions.
137 changes: 1 addition & 136 deletions templates/code_pipeline.yml
@@ -2,12 +2,6 @@ AWSTemplateFormatVersion: "2010-09-09"
Description: Creates a CodePipeline for a CI/CD pipeline
Parameters:

ProdCrossAccountArn:
Default: arn/placeholder
Description:
Arn of the role that will be used to update prod resources
Type: String

#Default project name that
#the git repo will be called
ProjectName:
@@ -76,28 +70,7 @@ Resources:
-
Key: project
Value: !Ref ProjectName
##########################
#Build logs for ProdCodeBuildDeploy
#CodeBuild stage
#
#
##########################
ProdArtifactsBucket:
Type: AWS::S3::Bucket
Properties:
BucketName:
!Join ['', ['prod-build-', !Ref ProjectName]]
Tags:
-
Key: stage
Value: prod
-
Key: retain
Value: "false"
-
Key: project
Value: !Ref ProjectName



#################################
#Code Build Project that runs python
@@ -476,114 +449,6 @@ Resources:
Resource:
- "*"


####################################
#Role that will be assumed when
#CodeBuild runs for Prod
#
####################################
ProdCodeBuildRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: ['sts:AssumeRole']
Effect: Allow
Principal:
Service: [codebuild.amazonaws.com]
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AWSCodeCommitPowerUser
- arn:aws:iam::aws:policy/CloudWatchLogsFullAccess

Path: /
Policies:
- PolicyName: CodeBuildCustomerManaged
PolicyDocument:
Version: "2012-10-17"
Statement:
- Sid: IAMallow
Effect: Allow
#######################################
#Allowing lambda to perform a PutItem on
#DynamoDB
#
#######################################
Action:
- iam:PassRole
- iam:CreateRole
- iam:GetRole
- iam:UpdateAssumeRolePolicy
- iam:DetachRolePolicy
- iam:DeleteRolePolicy
- iam:PutRolePolicy
Resource:
- "*"
#######################
#Permissions needed for aws
#CodeBuild service to run
#######################
- Sid: S3WebsiteCreation
Effect: Allow
#######################################
#Allowing CodeBuild to create
#resources necessary for s3 static webpage
#
#######################################
Action:
- s3:CreateBucket
- s3:DeleteBucket
- s3:DeleteBucketPolicy
- s3:DeleteObject
- s3:GetBucketAcl
- s3:GetBucketLocation
- s3:GetObject
- s3:GetObjectVersion
- s3:ListBucket
- s3:ListAllMyBuckets
- s3:PutBucketCORS
- s3:PutBucketPolicy
- s3:PutBucketWebsite
- s3:PutObject

Resource:
- "*"

#######################
#Permissions needed for aws
#CodeBuild to create/delete stacks
#######################
- Sid: CodeBuildCfCreation
Effect: Allow
#######################################
#Allowing CodeBuild to create
#resources necessary for s3 static webpage
#
#######################################
Action:
- cloudformation:CreateStack
- cloudformation:DeleteStack
- cloudformation:DescribeStacks
Resource:
- "*"

#######################
#Permissions needed for aws
#CodeBuild to assume the production
#cross account role
#######################
- Sid: AssumeProdAccountRole
Effect: Allow
#######################################
#Allowing CodeBuild to update
#resources necessary for s3 static webpage
#
#######################################
Action:
- sts:AssumeRole
Resource:
- "*"

CFNRole:
Type: AWS::IAM::Role
Properties: