diff --git a/templates/code_pipeline.yml b/templates/code_pipeline.yml index 8eaf4e8..08fe064 100644 --- a/templates/code_pipeline.yml +++ b/templates/code_pipeline.yml @@ -2,12 +2,6 @@ AWSTemplateFormatVersion: "2010-09-09" Description: Creates a CodePipeline for a CI/CD pipeline Parameters: - ProdCrossAccountArn: - Default: arn/placeholder - Description: - Arn of the role that will be used to update prod resources - Type: String - #Default project name that #the git repo will be called ProjectName: @@ -76,28 +70,7 @@ Resources: - Key: project Value: !Ref ProjectName - ########################## - #Build logs for ProdCodeBuildDeploy - #CodeBuild stage - # - # - ########################## - ProdArtifactsBucket: - Type: AWS::S3::Bucket - Properties: - BucketName: - !Join ['', ['prod-build-', !Ref ProjectName]] - Tags: - - - Key: stage - Value: prod - - - Key: retain - Value: "false" - - - Key: project - Value: !Ref ProjectName - + ################################# #Code Build Project that runs python @@ -476,114 +449,6 @@ Resources: Resource: - "*" - -#################################### -#Role that will be assumed when -#CodeBuild runs for Prod -# -#################################### - ProdCodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - ManagedPolicyArns: - - arn:aws:iam::aws:policy/AWSCodeCommitPowerUser - - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess - - Path: / - Policies: - - PolicyName: CodeBuildCustomerManaged - PolicyDocument: - Version: "2012-10-17" - Statement: - - Sid: IAMallow - Effect: Allow - ####################################### - #Allowing lambda to perform a PutItem on - #DynamoDB - # - ####################################### - Action: - - iam:PassRole - - iam:CreateRole - - iam:GetRole - - iam:UpdateAssumeRolePolicy - - iam:DetachRolePolicy - - iam:DeleteRolePolicy - - iam:PutRolePolicy - Resource: - - "*" - ####################### - #Permissions needed for aws - #CodeBuild service to run - ####################### - - Sid: S3WebsiteCreation - Effect: Allow - ####################################### - #Allowing CodeBuild to create - #resources necessary for s3 static webpage - # - ####################################### - Action: - - s3:CreateBucket - - s3:DeleteBucket - - s3:DeleteBucketPolicy - - s3:DeleteObject - - s3:GetBucketAcl - - s3:GetBucketLocation - - s3:GetObject - - s3:GetObjectVersion - - s3:ListBucket - - s3:ListAllMyBuckets - - s3:PutBucketCORS - - s3:PutBucketPolicy - - s3:PutBucketWebsite - - s3:PutObject - - Resource: - - "*" - - ####################### - #Permissions needed for aws - #CodeBuild to create/delete stacks - ####################### - - Sid: CodeBuildCfCreation - Effect: Allow - ####################################### - #Allowing CodeBuild to create - #resources necessary for s3 static webpage - # - ####################################### - Action: - - cloudformation:CreateStack - - cloudformation:DeleteStack - - cloudformation:DescribeStacks - Resource: - - "*" - - ####################### - #Permissions needed for aws - #CodeBuild to assume the production - #cross account role - ####################### - - Sid: AssumeProdAccountRole - Effect: Allow - ####################################### - #Allowing CodeBuild to update - #resources necessary for s3 static webpage - # - ####################################### - Action: - - sts:AssumeRole - Resource: - - "*" - CFNRole: Type: AWS::IAM::Role Properties: