summaryrefslogtreecommitdiff
path: root/stacks/codebuild-service-role.json.in
diff options
context:
space:
mode:
Diffstat (limited to 'stacks/codebuild-service-role.json.in')
-rw-r--r--stacks/codebuild-service-role.json.in49
1 files changed, 49 insertions, 0 deletions
diff --git a/stacks/codebuild-service-role.json.in b/stacks/codebuild-service-role.json.in
new file mode 100644
index 0000000..abcb514
--- /dev/null
+++ b/stacks/codebuild-service-role.json.in
@@ -0,0 +1,49 @@
+[+ autogen5 template -*- mode: json -*- +]
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Resource": [
+ {"Fn::Join": [":", [
+ "arn:aws:logs",
+ {"Ref": "AWS::Region"},
+ {"Ref": "AWS::AccountId"},
+ "log-group:/aws/codebuild/CodeBuild*"]]},
+ {"Fn::Join": [":", [
+ "arn:aws:logs",
+ {"Ref": "AWS::Region"},
+ {"Ref": "AWS::AccountId"},
+ "log-group:/aws/codebuild/CodeBuild*",
+ "log-stream:*"]]}
+ ]
+ }, {
+ "Effect": "Allow",
+ "Action": [
+ "codecommit:GitPull"
+ ],
+ "Resource": [
+ {"Fn::Join": [":", [
+ "arn:aws:codecommit",
+ {"Ref": "AWS::Region"},
+ {"Ref": "AWS::AccountId"},
+ "*"]]}
+ ]
+ }, {
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject",
+ "s3:Get*",
+ "s3:List"
+ ],
+ "Resource": [
+ {"Fn::GetAtt": ["BlogContentBucket", "Arn"]},
+ {"Fn::Join": ["", [{"Fn::GetAtt": ["BlogContentBucket", "Arn"]}, "/*"]]}
+ ]
+ }
+ ]
+}
generated by cgit v1.2.1 (git 2.18.0) at 2024-06-03 07:24:57 +0000