mirror of
https://github.com/farcasclaudiu/terraform-course.git
synced 2026-06-22 09:01:59 +03:00
Edward Viaene
136 lines
2.5 KiB
Terraform
136 lines
2.5 KiB
Terraform
#
|
|
# iam roles
|
|
#
|
|
resource "aws_iam_role" "demo-codebuild" {
|
|
name = "demo-codebuild"
|
|
|
|
assume_role_policy = <<EOF
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": "codebuild.amazonaws.com"
|
|
},
|
|
"Action": "sts:AssumeRole"
|
|
}
|
|
]
|
|
}
|
|
EOF
|
|
|
|
}
|
|
|
|
resource "aws_iam_role_policy" "demo-codebuild" {
|
|
role = aws_iam_role.demo-codebuild.name
|
|
|
|
policy = <<POLICY
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
],
|
|
"Action": [
|
|
"logs:CreateLogGroup",
|
|
"logs:CreateLogStream",
|
|
"logs:PutLogEvents"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "CodeCommitPolicy",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"codecommit:GitPull"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"ec2:CreateNetworkInterface",
|
|
"ec2:DescribeDhcpOptions",
|
|
"ec2:DescribeNetworkInterfaces",
|
|
"ec2:DeleteNetworkInterface",
|
|
"ec2:DescribeSubnets",
|
|
"ec2:DescribeSecurityGroups",
|
|
"ec2:DescribeVpcs"
|
|
],
|
|
"Resource": "*"
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"s3:*"
|
|
],
|
|
"Resource": [
|
|
"${aws_s3_bucket.codebuild-cache.arn}",
|
|
"${aws_s3_bucket.codebuild-cache.arn}/*"
|
|
]
|
|
},
|
|
{
|
|
"Effect":"Allow",
|
|
"Action": [
|
|
"s3:List*",
|
|
"s3:Put*",
|
|
"s3:Get*"
|
|
],
|
|
"Resource": [
|
|
"${aws_s3_bucket.demo-artifacts.arn}",
|
|
"${aws_s3_bucket.demo-artifacts.arn}/*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "ECRPushPolicy",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"ecr:BatchCheckLayerAvailability",
|
|
"ecr:GetDownloadUrlForLayer",
|
|
"ecr:GetRepositoryPolicy",
|
|
"ecr:DescribeRepositories",
|
|
"ecr:ListImages",
|
|
"ecr:DescribeImages",
|
|
"ecr:BatchGetImage",
|
|
"ecr:InitiateLayerUpload",
|
|
"ecr:UploadLayerPart",
|
|
"ecr:CompleteLayerUpload",
|
|
"ecr:PutImage"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "ECRAuthPolicy",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"ecr:GetAuthorizationToken"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"kms:DescribeKey",
|
|
"kms:GenerateDataKey*",
|
|
"kms:Encrypt",
|
|
"kms:ReEncrypt*",
|
|
"kms:Decrypt"
|
|
],
|
|
"Resource": [
|
|
"${aws_kms_key.demo-artifacts.arn}"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
POLICY
|
|
|
|
}
|
|
|