Compare commits
2 commits
4e533c005d
...
093489830d
| Author | SHA1 | Date | |
|---|---|---|---|
| 093489830d | |||
| c23ec5c624 |
2 changed files with 40 additions and 0 deletions
|
|
@ -179,6 +179,11 @@ Resources:
|
|||
Action:
|
||||
- lambda:CreateFunction
|
||||
- lambda:DeleteFunction
|
||||
- lambda:UpdateFunctionCode
|
||||
- lambda:PublishVersion
|
||||
- lambda:CreateAlias
|
||||
- lambda:UpdateAlias
|
||||
- lambda:DeleteAlias
|
||||
- lambda:TagResource
|
||||
- lambda:UntagResource
|
||||
- lambda:AddPermission
|
||||
|
|
|
|||
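Review bot: `lambda:AddPermission` in this Action list lets the holder edit a function's resource-based policy, which is how invoke access is granted to other principals or accounts. The page does not show which five of these actions are new, nor the statement's `Resource`, so confirm the statement is scoped to the intended function ARNs rather than `*`. If the deploy path only ever needs to grant invoke to one service, a `lambda:Principal` condition on that action would limit what can be granted. `lambda:RemovePermission` is not in the visible list, so a grant made through this policy could not be withdrawn by the same principal. The statement starts and ends outside the hunk.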
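--- a/roles/s3-write-role.yaml
+++ b/roles/s3-write-role.yaml
@@ -0,0 +1,35 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: IAM Role for S3 Write operations via AssumeRole
+
+Resources:
+S3WriteRole:
+Type: AWS::IAM::Role
+Properties:
+RoleName: S3WriteRole
+Description: Role for CLI users to upload files to S3 buckets
+AssumeRolePolicyDocument:
+Version: '2012-10-17'
+Statement:
+- Effect: Allow
+Principal:
+AWS: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-reserved/sso.amazonaws.com/${AWS::Region}/AWSReservedSSO_AdministratorWebHosting_42269022c2fff771
+Action: sts:AssumeRole
+Policies:
+- PolicyName: S3Policy
+PolicyDocument:
+Version: "2012-10-17"
+Statement:
+- Effect: Allow
+Action:
+- s3:ListBucket
+Resource:
+- !Sub arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-blog-lambda-source-bucket
+- !Sub arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-forgejo-source-bucket
+- Effect: Allow
+Action:
+- s3:PutObject
+- s3:GetObject
+- s3:DeleteObject
+Resource:
+- !Sub arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-blog-lambda-source-bucket/*
+- !Sub arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-forgejo-source-bucket/*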
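Review bot: The trust policy's `Principal` hard-codes a single Identity Center permission-set role, including its generated suffix and `${AWS::Region}` in the path. That path segment is presumably the Identity Center home region rather than the stack's deploy region, and the suffix changes if the permission set is recreated; in either case the ARN no longer matches a real role and the trust relationship breaks or the stack fails to create. Trusting the account and pinning the caller with an `aws:PrincipalArn` condition tolerates both, as sketched below with conventional indentation, since the page lost the original. Separately, the role is described as upload-only yet also grants `s3:DeleteObject` on buckets that hold Lambda source, so drop that action or confirm the buckets are versioned. The fixed `RoleName` would also collide if this template is deployed in a second region, because IAM role names are account-global.

```yaml
# … unchanged: AssumeRolePolicyDocument / Version / Statement …
- Effect: Allow
  Principal:
    AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
  Action: sts:AssumeRole
  Condition:
    ArnLike:
      aws:PrincipalArn: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-reserved/sso.amazonaws.com/*/AWSReservedSSO_AdministratorWebHosting_*
# … unchanged: Policies …
```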