From e5fda5360042349a28ade5fdf7ce09c3897b1e98 Mon Sep 17 00:00:00 2001
From: Daisuke <nakada0907@outlook.com>
Date: Wed, 7 May 2025 20:05:21 +0900
Subject: [PATCH] feat: add necessary roles and tag

---
 template-codepipeline.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/template-codepipeline.yaml b/template-codepipeline.yaml
index 3b0fa65..36f7a5c 100644
--- a/template-codepipeline.yaml
+++ b/template-codepipeline.yaml
@@ -53,12 +53,16 @@ Resources:
               - Effect: Allow
                 Action:
                   - s3:GetObject
+                  - s3:GetObjectVersion
                   - s3:PutObject
+                  - s3:ListBucket
                   - s3:GetBucketLocation
                   - s3:GetBucketVersioning
                 Resource:
                   - "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket"
                   - "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket/*"
+                  - "arn:aws:s3:::naputo-blog-source"
+                  - "arn:aws:s3:::naputo-blog-source/*"
               # Permissions for CloudFormation actions
               - Effect: Allow
                 Action:
@@ -84,6 +88,9 @@ Resources:
         Type: S3
         Location: "codebuild-ap-northeast-1-692859919890-input-bucket"
       RoleArn: !GetAtt CodePipelineRole.Arn
+      Tags:
+        - Key: Project
+          Value: Git-server
       Stages:
         - Name: Source
           Actions: