From 888623e8d5f7662626c7a2077ea5e6306dc15272 Mon Sep 17 00:00:00 2001
From: Zachariah Mully
Date: Thu, 13 Jun 2019 12:10:09 -0400
Subject: [build] clean up cloudformation template and policies
---
ci.template | 223 ------------------------------------------
cloudformation/ci.template.js | 117 ++++++++++++++++++++++
2 files changed, 117 insertions(+), 223 deletions(-)
delete mode 100644 ci.template
create mode 100644 cloudformation/ci.template.js
diff --git a/ci.template b/ci.template
deleted file mode 100644
index 578ce24c81..0000000000
--- a/ci.template
+++ /dev/null
@@ -1,223 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09",
- "Description": "mapbox-gl-native travis resources",
- "Resources": {
- "BuildUser": {
- "Type": "AWS::IAM::User",
- "Properties": {
- "Policies": [
- {
- "PolicyName": "list-testing",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox"
- ],
- "Condition": {
- "StringLike": {
- "s3:prefix": "mapbox-gl-native/*"
- }
- }
- }
- ]
- }
- },
- {
- "PolicyName": "build-testing",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:GetObjectAcl",
- "s3:PutObject",
- "s3:PutObjectAcl"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox/mapbox-gl-native/*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "list-node",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Resource": [
- "arn:aws:s3:::mapbox-node-binary"
- ],
- "Effect": "Allow"
- }
- ]
- }
- },
- {
- "PolicyName": "build-node",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:GetObjectAcl",
- "s3:PutObject",
- "s3:PutObjectAcl"
- ],
- "Resource": [
- "arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*"
- ],
- "Effect": "Allow"
- }
- ]
- }
- },
- {
- "PolicyName": "cloudwatch-metrics",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "cloudwatch:PutMetricData",
- "cloudwatch:GetMetricData",
- "cloudwatch:GetMetricStatistics"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "get-signing-key",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:GetObject"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "publish-metrics",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:PutObject",
- "s3:GetObject",
- "s3:GetObjectAcl"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile.binarysize/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile.codecoverage/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.docs_coverage/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.codecoverage/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.github_stats/*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "list-loading-dock",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Resource": [
- "arn:aws:s3:::mapbox-loading-dock"
- ],
- "Effect": "Allow"
- }
- ]
- }
- },
- {
- "PolicyName": "cloudwatch-metrics",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "cloudwatch:PutMetricData",
- "cloudwatch:GetMetricData",
- "cloudwatch:GetMetricStatistics"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "publish-nightlies",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:GetObjectAcl",
- "s3:PutObject",
- "s3:PutObjectAcl"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*"
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "BuildUserKey": {
- "Type": "AWS::IAM::AccessKey",
- "Properties": {
- "UserName": {
- "Ref": "BuildUser"
- }
- }
- }
- },
- "Outputs": {
- "AccessKeyId": {
- "Value": {
- "Ref": "BuildUserKey"
- }
- },
- "SecretAccessKey": {
- "Value": {
- "Fn::GetAtt": [
- "BuildUserKey",
- "SecretAccessKey"
- ]
- }
- }
- }
-}
diff --git a/cloudformation/ci.template.js b/cloudformation/ci.template.js
new file mode 100644
index 0000000000..e0e1fc0603
--- /dev/null
+++ b/cloudformation/ci.template.js
@@ -0,0 +1,117 @@
+'use strict';
+
+const template = {
+ AWSTemplateFormatVersion: '2010-09-09',
+ Description: 'mapbox-gl-native travis resources',
+ Resources: {
+ BuildUser: {
+ Type: 'AWS::IAM::User',
+ Properties: {
+ Policies: [
+ {
+ PolicyName: 'listBuckets',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:ListBucket' ],
+ Effect: 'Allow',
+ Resource: [ 'arn:aws:s3:::mapbox' ],
+ Condition: { StringLike: { 's3:prefix': 'mapbox-gl-native/*' } }
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-node-binary' ],
+ Effect: 'Allow'
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-loading-dock' ],
+ Effect: 'Allow'
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'build-testing',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 's3:GetObject',
+ 's3:GetObjectAcl',
+ 's3:PutObject',
+ 's3:PutObjectAcl'
+ ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'cloudwatch-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 'cloudwatch:PutMetricData',
+ 'cloudwatch:GetMetricData',
+ 'cloudwatch:GetMetricStatistics'
+ ],
+ Effect: 'Allow',
+ Resource: [ '*' ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'get-signing-key',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:GetObject' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'publish-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:PutObject', 's3:GetObject', 's3:GetObjectAcl' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.binarysize/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.docs_coverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.github_stats/*'
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ BuildUserKey: {
+ Type: 'AWS::IAM::AccessKey',
+ Properties: { UserName: { Ref: 'BuildUser' } }
+ }
+ },
+ Outputs: {
+ AccessKeyId: { Value: { Ref: 'BuildUserKey' } },
+ SecretAccessKey: { Value: { 'Fn::GetAtt': [ 'BuildUserKey', 'SecretAccessKey' ] } }
+ }
+};
+
+module.exports = template;
--
cgit v1.2.1
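Review bot: The `Outputs` block at the end of the new template still returns `SecretAccessKey` through `Fn::GetAtt`, so the long-lived secret for `BuildUser` sits in plaintext in the stack outputs and is readable by any principal allowed to describe the stack; this is carried over unchanged from the deleted `ci.template`. Because that user can read `android/signing-credentials/secring.gpg` and write objects and ACLs under the release prefixes, I would drop the `SecretAccessKey` output and deliver the key to CI through a secrets store instead, or at minimum add a comment such as `// NOTE: secret is exposed in stack outputs; restrict cloudformation:DescribeStacks and rotate the key after retrieval`. In the merged `build-testing` statement, `'arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*'` is already matched by `'arn:aws:s3:::mapbox/mapbox-gl-native/*'`, so it can be removed to keep the effective scope obvious.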