add iam/roles

kosendj · Jun 25, 2015 · 5358ffe · 5358ffe
1 parent cb63064
commit 5358ffe
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/iam/roles/app_gjcase.rb b/iam/roles/app_gjcase.rb
@@ -0,0 +1,30 @@
+role "AppGjcase", path: path do
+  instance_profiles(
+    "AppGjcase"
+  )
+
+  assume_role_policy_document do
+    {"Version"=>"2012-10-17",
+     "Statement"=>
+      [{"Sid"=>"",
+        "Effect"=>"Allow",
+        "Principal"=>{"Service"=>"ec2.amazonaws.com"},
+        "Action"=>"sts:AssumeRole"}]}
+  end
+
+  policy "allow_s3_gjcase-prod" do
+    {
+      "Version"=>"2012-10-17",
+      "Statement" => [
+        {
+          "Effect" => "Allow",
+          "Action" => [
+            "s3:*",
+          ],
+          "Resource" => %w(arn:aws:s3:::gjcase-prod arn:aws:s3:::gjcase-prod/*),
+        },
+      ]
+    }
+  end
+end
+instance_profile "AppGjcase", path: path