codepipeline (#30)

* codepipeline
Edward Viaene
2020-02-20 21:43:59 +01:00
committed by GitHub
parent cc37d59c87
commit 04cc267e86
12 changed files with 293 additions and 39 deletions
+10 -5
@@ -44,7 +44,7 @@ data "aws_iam_policy_document" "demo-codepipeline-role-policy" {
actions = [
"sts:AssumeRole",
]
resources = [
resources = [
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/demo-codepipeline",
]
}
@@ -78,6 +78,7 @@ data "aws_iam_policy_document" "demo-codepipeline-role-policy" {
statement {
effect = "Allow"
actions = [
"codedeploy:*",
"ecs:*",
]
resources = [
@@ -87,19 +88,23 @@ data "aws_iam_policy_document" "demo-codepipeline-role-policy" {
statement {
effect = "Allow"
actions = [
"iam:PassRole",
"iam:PassRole"
]
resources = [
aws_iam_role.ecs-task-execution-role.arn,
aws_iam_role.ecs-demo-task-role.arn,
]
condition {
test = "StringLike"
variable = "iam:PassedToService"
values = ["ecs-tasks.amazonaws.com"]
}
}
}
resource "aws_iam_role_policy" "demo-codepipeline" {
name = "codepipeline-policy"
role = aws_iam_role.demo-codepipeline.id
name = "codepipeline-policy"
role = aws_iam_role.demo-codepipeline.id
policy = data.aws_iam_policy_document.demo-codepipeline-role-policy.json
}
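Review bot: The `actions` list in the second hunk (the statement starting at new line 78) now pairs `codedeploy:*` with `ecs:*`, so the pipeline role holds every CodeDeploy and ECS API call rather than only what a deploy stage needs. The statement's `resources` list is cut off by the hunk, so it is not visible whether anything else narrows the grant. I would list the calls explicitly, for example `"codedeploy:CreateDeployment", "codedeploy:GetDeployment", "codedeploy:GetDeploymentConfig", "codedeploy:GetApplicationRevision", "codedeploy:RegisterApplicationRevision",`, and scope `resources` to the demo application and deployment group. The `iam:PassRole` statement in the last hunk is restricted by `iam:PassedToService`; since the value has no wildcard, `test = "StringEquals"` states the intent more exactly than `StringLike`.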