Merge pull request #30 from rrigato/dev
cleanup dev buildspec
rrigato authored Dec 17, 2023
2 parents df9d4ff + e2e803a commit f976d25
Showing 1 changed file with 0 additions and 111 deletions.
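--- a/templates/code_pipeline.yml
+++ b/templates/code_pipeline.yml
@@ -49,28 +49,6 @@ Resources:
 !Join [' ', ['Repo for ', !Ref ProjectName,
 !Ref RepositoryDescription]]
 RepositoryName: !Ref ProjectName
-##########################
-#Build logs for CodeBuildPythonTests
-#CodeBuild stage
-#
-#
-##########################
-DevArtifactsBucket:
-Type: AWS::S3::Bucket
-Properties:
-BucketName:
-!Join ['', ['codebuild-dev-', !Ref ProjectName]]
-Tags:
--
-Key: stage
-Value: dev
--
-Key: retain
-Value: "false"
--
-Key: project
-Value: !Ref ProjectName
-
 
 ##########################################
 #Code Pipeline Is broken down into stages
@@ -184,95 +162,6 @@ Resources:
 RunOrder: 1
 
 
-####################################
-#Role that will be assumed when
-#CodeBuild runs for dev
-#
-####################################
-CodeBuildRole:
-Type: AWS::IAM::Role
-Properties:
-AssumeRolePolicyDocument:
-Statement:
-- Action: ['sts:AssumeRole']
-Effect: Allow
-Principal:
-Service: [codebuild.amazonaws.com]
-Version: '2012-10-17'
-ManagedPolicyArns:
-- arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
-- arn:aws:iam::aws:policy/AWSCodeCommitPowerUser
-- arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
-Path: /
-Policies:
-- PolicyName: CodeBuildCustomerManaged
-PolicyDocument:
-Version: "2012-10-17"
-Statement:
-- Sid: IAMallow
-Effect: Allow
-#######################################
-#Allowing lambda to perform a PutItem on
-#DynamoDB
-#
-#######################################
-Action:
-- iam:PassRole
-- iam:CreateRole
-- iam:DeleteRole
-- iam:GetRole
-- iam:UpdateAssumeRolePolicy
-- iam:DetachRolePolicy
-- iam:DeleteRolePolicy
-- iam:PutRolePolicy
-- iam:AttachRolePolicy
-- iam:TagRole
-Resource:
-- "*"
-#######################
-#Permissions needed for aws
-#CodeBuild service to run
-#######################
-- Sid: S3WebsiteCreation
-Effect: Allow
-#######################################
-#Allowing CodeBuild to create
-#resources necessary for s3 static webpage
-#
-#######################################
-Action:
-- s3:CreateBucket
-- s3:DeleteBucket
-- s3:DeleteBucketPolicy
-- s3:DeleteObject
-- s3:GetBucketAcl
-- s3:GetBucketLocation
-- s3:GetObject
-- s3:GetObjectVersion
-- s3:ListBucket
-- s3:ListAllMyBuckets
-- s3:PutBucketCORS
-- s3:PutBucketPolicy
-- s3:PutBucketWebsite
-- s3:PutObject
-
-Resource:
-- "*"
-#######################
-#Permissions needed for aws
-#CodeBuild to access client secrets
-#######################
-- Sid: SecretsManagerAccess
-Effect: Allow
-Action:
-- secretsmanager:GetSecretValue # pragma: allowlist secret
-- secretsmanager:UpdateSecret # pragma: allowlist secret
-- secretsmanager:DeleteSecret # pragma: allowlist secret
-Resource:
-- "*"
-
-
-
 
 ####################
 #Role assumed by cloudformation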
