author | Zachariah Mully <mully@mapbox.com> | 2019-06-13 12:10:09 -0400 |
---|---|---|
committer | Jason Wray <friedbunny@users.noreply.github.com> | 2019-07-01 14:33:37 -0700 |
commit | ca4e3650c061b2722dc40abed7eadbf984c9b28d (patch) | |
tree | b146f1cb8628e7d32159ece3629bb37c4537c83f /cloudformation/ci.template.js | |
parent | 4c896cbb31fcb929b0e57c7bd02e519c267a1be1 (diff) | |
download | qtlocation-mapboxgl-ca4e3650c061b2722dc40abed7eadbf984c9b28d.tar.gz |
[build] clean up cloudformation template and policies
Diffstat (limited to 'cloudformation/ci.template.js')
-rw-r--r-- | cloudformation/ci.template.js | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/cloudformation/ci.template.js b/cloudformation/ci.template.js
new file mode 100644
index 0000000000..e0e1fc0603
--- /dev/null
+++ b/cloudformation/ci.template.js
@@ -0,0 +1,117 @@
+'use strict';
+
+const template = {
+ AWSTemplateFormatVersion: '2010-09-09',
+ Description: 'mapbox-gl-native travis resources',
+ Resources: {
+ BuildUser: {
+ Type: 'AWS::IAM::User',
+ Properties: {
+ Policies: [
+ {
+ PolicyName: 'listBuckets',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:ListBucket' ],
+ Effect: 'Allow',
+ Resource: [ 'arn:aws:s3:::mapbox' ],
+ Condition: { StringLike: { 's3:prefix': 'mapbox-gl-native/*' } }
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-node-binary' ],
+ Effect: 'Allow'
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-loading-dock' ],
+ Effect: 'Allow'
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'build-testing',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 's3:GetObject',
+ 's3:GetObjectAcl',
+ 's3:PutObject',
+ 's3:PutObjectAcl'
+ ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'cloudwatch-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 'cloudwatch:PutMetricData',
+ 'cloudwatch:GetMetricData',
+ 'cloudwatch:GetMetricStatistics'
+ ],
+ Effect: 'Allow',
+ Resource: [ '*' ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'get-signing-key',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:GetObject' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'publish-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:PutObject', 's3:GetObject', 's3:GetObjectAcl' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.binarysize/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.docs_coverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.github_stats/*'
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ BuildUserKey: {
+ Type: 'AWS::IAM::AccessKey',
+ Properties: { UserName: { Ref: 'BuildUser' } }
+ }
+ },
+ Outputs: {
+ AccessKeyId: { Value: { Ref: 'BuildUserKey' } },
+ SecretAccessKey: { Value: { 'Fn::GetAtt': [ 'BuildUserKey', 'SecretAccessKey' ] } }
+ }
+};
+
+module.exports = template; |
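Review bot: The `Outputs` block at the end of the template returns `SecretAccessKey` through `Fn::GetAtt`, so the build user's long-lived secret is stored in plaintext in the stack outputs and is readable by any principal allowed to describe the stack. That matters here because the same user is granted `s3:GetObject` on `android/signing-credentials/secring.gpg` by the `get-signing-key` policy, so read access to stack metadata would in effect be read access to the signing keyring. I would drop the `SecretAccessKey` output, keep `AccessKeyId: { Value: { Ref: 'BuildUserKey' } }`, and have the template place the secret in a secret-store resource instead, for example an `AWS::SecretsManager::Secret` whose `SecretString` takes the same `Fn::GetAtt`. Who can read this stack's outputs is not visible from the diff, so confirm it if the output has to stay. Separately, the `listBuckets` statements for `mapbox-node-binary` and `mapbox-loading-dock` lack the `s3:prefix` condition that the `mapbox` statement carries, which allows listing every key in both buckets.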