forgejo-deployment/infra/cfn/forgejo-efs.yaml
Daisuke 8da52108cf cfn: switch Forgejo pipeline to EventBridge-triggered S3 source
- Rename forgejo.yaml to forgejo-cl.yaml
- Make S3 bucket and IAM ARNs region-agnostic
- Disable CodePipeline S3 polling
- Enable S3 → EventBridge notifications
- Add EventBridge rule and IAM role to trigger pipeline on object creation
- Tighten IAM permissions for CodeBuild and CodePipeline
- Normalize file mode for forgejo-efs.yaml
2026-01-01 13:51:21 +09:00


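# EFS storage for the Forgejo deployment: one encrypted file system plus two
# access points (data and config), each pinning clients to a fixed POSIX
# identity. All three resources are retained when the stack is deleted.
Parameters:
  KmsKeyId:
    Type: String
    Description: "KMS key for EFS encryption"

Resources:
  # Access point for Forgejo's persistent data. Every client is mapped to
  # uid/gid 1000 regardless of its own identity; the root directory is
  # created on first use with the owner and mode given in CreationInfo.
  EFSAccessPointData:
    Type: "AWS::EFS::AccessPoint"
    DeletionPolicy: Retain
    Properties:
      FileSystemId: !Ref EFSFileSystem
      RootDirectory:
        Path: "/forgejo/data"
        CreationInfo:
          OwnerUid: "1000"
          OwnerGid: "1000"
          # Quoted so the digits are not re-typed as an integer by the parser.
          Permissions: "750"
      PosixUser:
        Uid: "1000"
        Gid: "1000"
        SecondaryGids: []
      AccessPointTags:
        - Key: "Name"
          Value: "forgejo-data-ap"
        - Key: "Project"
          Value: "Git-server"

  # Access point for Forgejo's configuration; same POSIX mapping as above.
  EFSAccessPointConfig:
    Type: "AWS::EFS::AccessPoint"
    DeletionPolicy: Retain
    Properties:
      FileSystemId: !Ref EFSFileSystem
      RootDirectory:
        Path: "/forgejo/config"
        CreationInfo:
          OwnerUid: "1000"
          OwnerGid: "1000"
          Permissions: "750"
      PosixUser:
        Uid: "1000"
        Gid: "1000"
        SecondaryGids: []
      AccessPointTags:
        - Key: "Name"
          Value: "forgejo-config-ap"
        - Key: "Project"
          Value: "Git-server"

  # The file system itself. Encryption at rest uses the caller-supplied KMS
  # key; the resource policy only permits access through a mount target.
  EFSFileSystem:
    Type: "AWS::EFS::FileSystem"
    DeletionPolicy: Retain
    Properties:
      Encrypted: true
      KmsKeyId: !Ref KmsKeyId
      PerformanceMode: "generalPurpose"
      ThroughputMode: "elastic"
      FileSystemTags:
        - Key: "Name"
          Value: "forgejo-file-system"
        - Key: "Project"
          Value: "Git-server"
      # Resource policy: principals of this account may mount and write, but
      # only via a mount target (i.e. from inside the VPC, not over the
      # public EFS API). The statement deliberately has no Resource element:
      # an EFS file system policy applies to the file system it is attached
      # to, and the template cannot reference this resource's own ARN without
      # a circular dependency. The previous hard-coded file-system ARN would
      # have gone stale as soon as the file system was recreated or the
      # template was deployed into another account or region.
      # NOTE(review): nothing here requires TLS in transit; if mounts must use
      # encryption in transit, add a Deny statement conditioned on
      # aws:SecureTransport being false.
      FileSystemPolicy:
        Version: "2012-10-17"
        Id: "efs-policy-wizard-c4d5acbb-f970-40a3-8938-87ca58cb6f1b"
        Statement:
          - Sid: "efs-statement-b87417f1-f7fd-4978-b642-9b3084238008"
            Effect: "Allow"
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action:
              - "elasticfilesystem:ClientMount"
              - "elasticfilesystem:ClientWrite"
            Condition:
              Bool:
                "elasticfilesystem:AccessedViaMountTarget": "true"
      FileSystemProtection:
        ReplicationOverwriteProtection: "ENABLED"
      # Tier cold data: Infrequent Access after 30 days, Archive after 90.
      # Each list entry carries exactly one transition key, as the API expects.
      LifecyclePolicies:
        - TransitionToIA: "AFTER_30_DAYS"
        - TransitionToArchive: "AFTER_90_DAYS"
      BackupPolicy:
        Status: "ENABLED"

# Exported so the compute stack can reference the file system and access
# points by name without hard-coding IDs.
Outputs:
  EFSFileSystemId:
    Description: "ID of the EFS File System"
    Value: !Ref EFSFileSystem
    Export:
      Name: !Sub "${AWS::StackName}-EFSFileSystemId"
  AccessPointData:
    Description: "Access Point for /forgejo/data"
    Value: !Ref EFSAccessPointData
    Export:
      Name: !Sub "${AWS::StackName}-EFSAccessPointData"
  AccessPointConfig:
    Description: "Access Point for /forgejo/config"
    Value: !Ref EFSAccessPointConfig
    Export:
      Name: !Sub "${AWS::StackName}-EFSAccessPointConfig"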