diff options
| author | Kenny Ballou <kballou@devnulllabs.io> | 2020-01-28 21:49:30 -0700 |
|---|---|---|
| committer | Kenny Ballou <kballou@devnulllabs.io> | 2020-02-05 17:33:12 -0700 |
| commit | 0eea4a0abfdbf1225abd148eac0a7f151c1144b3 (patch) | |
| tree | 7572d62e5a9260c2b755d6c085769f2dcab5e8b0 /stacks/codebuild-service-role.json.in | |
| parent | 1bb882edd5c1745d1a1bd4cc12e30fcbd8f81be9 (diff) | |
| download | kennyballou.com-0eea4a0abfdbf1225abd148eac0a7f151c1144b3.tar.gz kennyballou.com-0eea4a0abfdbf1225abd148eac0a7f151c1144b3.tar.xz | |
code-{build,commit} auto build and deploy blog
Create codecommit and codebuild resources to store and build web/blog
content. Add in a lambda function to trigger the builds automatically
to futher automate deployment and publishing of content.
Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'stacks/codebuild-service-role.json.in')
| -rw-r--r-- | stacks/codebuild-service-role.json.in | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/stacks/codebuild-service-role.json.in b/stacks/codebuild-service-role.json.in new file mode 100644 index 0000000..abcb514 --- /dev/null +++ b/stacks/codebuild-service-role.json.in @@ -0,0 +1,49 @@ +[+ autogen5 template -*- mode: json -*- +] +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": [ + {"Fn::Join": [":", [ + "arn:aws:logs", + {"Ref": "AWS::Region"}, + {"Ref": "AWS::AccountId"}, + "log-group:/aws/codebuild/CodeBuild*"]]}, + {"Fn::Join": [":", [ + "arn:aws:logs", + {"Ref": "AWS::Region"}, + {"Ref": "AWS::AccountId"}, + "log-group:/aws/codebuild/CodeBuild*", + "log-stream:*"]]} + ] + }, { + "Effect": "Allow", + "Action": [ + "codecommit:GitPull" + ], + "Resource": [ + {"Fn::Join": [":", [ + "arn:aws:codecommit", + {"Ref": "AWS::Region"}, + {"Ref": "AWS::AccountId"}, + "*"]]} + ] + }, { + "Effect": "Allow", + "Action": [ + "s3:PutObject", + "s3:Get*", + "s3:List" + ], + "Resource": [ + {"Fn::GetAtt": ["BlogContentBucket", "Arn"]}, + {"Fn::Join": ["", [{"Fn::GetAtt": ["BlogContentBucket", "Arn"]}, "/*"]]} + ] + } + ] +} |