feat: add permissions for ECR, S3, CodePipeline, CodeBuild, Lambda, and API Gateway
parent
5ca77a5360
commit
4e533c005d
1 changed files with 49 additions and 0 deletions
|
|
@ -26,6 +26,8 @@ Resources:
|
|||
- ecr:DeleteRepositoryPolicy
|
||||
- ecr:PutImageScanningConfiguration
|
||||
- ecr:SetRepositoryPolicy
|
||||
- ecr:PutLifecyclePolicy
|
||||
- ecr:DeleteLifecyclePolicy
|
||||
Resource:
|
||||
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/*
|
||||
- PolicyName: RoleWrite
|
||||
|
|
@ -79,7 +81,12 @@ Resources:
|
|||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- s3:CreateBucket
|
||||
- s3:DeleteBucket
|
||||
- s3:TagResource
|
||||
- s3:UntagResource
|
||||
- s3:PutBucketNotification
|
||||
- s3:PutBucketVersioning
|
||||
Resource:
|
||||
- arn:aws:s3:::*
|
||||
- PolicyName: CodePipelinePolicies
|
||||
|
|
@ -88,10 +95,24 @@ Resources:
|
|||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- codepipeline:CreatePipeline
|
||||
- codepipeline:UpdatePipeline
|
||||
- codepipeline:DeletePipeline
|
||||
Resource:
|
||||
- !Sub "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:*"
|
||||
- !Sub "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:*/*"
|
||||
- PolicyName: CodeBuildPolicy
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- codebuild:CreateProject
|
||||
- codebuild:UpdateProject
|
||||
- codebuild:DeleteProject
|
||||
Resource:
|
||||
- !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:*"
|
||||
- !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:*/*"
|
||||
- PolicyName: EventPolicies
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
|
|
@ -102,6 +123,8 @@ Resources:
|
|||
- events:DeleteRule
|
||||
- events:PutTargets
|
||||
- events:RemoveTargets
|
||||
- events:TagResource
|
||||
- events:UntagResource
|
||||
Resource:
|
||||
- !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/*"
|
||||
- PolicyName: EbPolicies
|
||||
|
|
@ -148,6 +171,32 @@ Resources:
|
|||
- ecs:TagResource
|
||||
Resource:
|
||||
- !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:cluster/*"
|
||||
- PolicyName: LambdaPolicy
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- lambda:CreateFunction
|
||||
- lambda:DeleteFunction
|
||||
- lambda:TagResource
|
||||
- lambda:UntagResource
|
||||
- lambda:AddPermission
|
||||
- lambda:RemovePermission
|
||||
Resource:
|
||||
- !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*"
|
||||
- PolicyName: ApiGatewayPolicy
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- apigateway:PUT
|
||||
- apigateway:PATCH
|
||||
- apigateway:POST
|
||||
- apigateway:DELETE
|
||||
Resource:
|
||||
- !Sub "arn:aws:apigateway:${AWS::Region}::/restapis/*"
|
||||
ManagedPolicyArns:
|
||||
- arn:aws:iam::aws:policy/ReadOnlyAccess
|
||||
- !Sub arn:aws:iam::${AWS::AccountId}:policy/CloudFormationWrite
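Review bot: The LambdaPolicy statement grants `lambda:AddPermission` together with `lambda:CreateFunction` on `function:*`, so this role can change the resource policy of every function in the account to name any principal, including other accounts. If the RoleWrite policy, whose body is outside these hunks, also allows `iam:PassRole`, the same role could create functions that run under more privileged roles; that should be checked before merging. I would narrow the Resource to the functions this stack owns, for example `function:<project-prefix>-*`, and move `lambda:AddPermission` into its own statement with a `lambda:Principal` condition, as sketched below. The invoking service in the sketch is assumed from the API Gateway policy added alongside it. The same account-wide scope applies to the S3 statement (`arn:aws:s3:::*` with `s3:DeleteBucket` and `s3:PutBucketVersioning`) and to the CodePipeline and CodeBuild `*` resources, which would benefit from the same name-prefix scoping.

```yaml
# … unchanged: first LambdaPolicy statement, minus lambda:AddPermission, Resource narrowed to the prefix …
- Effect: Allow
  Action:
    - lambda:AddPermission
  Resource:
    - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:<project-prefix>-*"
  Condition:
    StringEquals:
      # assumed invoker; list only the services that actually call these functions
      lambda:Principal: apigateway.amazonaws.com
```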
|
||||
|
|
|
|||