From dd076e8172cc300fb1e9fdded1d81e5a428fb055 Mon Sep 17 00:00:00 2001 From: Tobrun Date: Thu, 8 Nov 2018 16:40:39 +0100 Subject: [all] - move cloudformation to be mbxcli compatible --- cloudformation/cloudformation.template | 317 +++++++++++++++++++++++++++++++++ misc/cloudformation.template | 317 --------------------------------- 2 files changed, 317 insertions(+), 317 deletions(-) create mode 100644 cloudformation/cloudformation.template delete mode 100644 misc/cloudformation.template diff --git a/cloudformation/cloudformation.template b/cloudformation/cloudformation.template new file mode 100644 index 0000000000..db4e59eb7e --- /dev/null +++ b/cloudformation/cloudformation.template @@ -0,0 +1,317 @@ + +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "mapbox-gl-native travis resources", + "Resources": { + "BuildUser": { + "Type": "AWS::IAM::User", + "Properties": { + "Policies": [ + { + "PolicyName": "list-testing", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox" + ], + "Condition": { + "StringLike": { + "s3:prefix": "mapbox-gl-native/*" + } + } + } + ] + } + }, + { + "PolicyName": "build-testing", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/*" + ] + } + ] + } + }, + { + "PolicyName": "list-node", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::mapbox-node-binary" + ], + "Effect": "Allow" + } + ] + } + }, + { + "PolicyName": "build-node", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Resource": [ + "arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*" + ], + "Effect": "Allow" + } + ] + } + }, + { + "PolicyName": "android", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeInstances", + "ec2:RunInstances", + "ec2:CreateTags", + "ec2:GetConsoleOutput" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": { + "Fn::GetAtt": [ + "AndroidRole", + "Arn" + ] + } + } + ] + } + }, + { + "PolicyName": "cloudwatch-metrics", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "cloudwatch:PutMetricData", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ] + } + }, + { + "PolicyName": "get-signing-key", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg" + ] + } + ] + } + }, + { + "PolicyName": "publish-metrics", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/metrics/*" + ] + } + ] + } + }, + { + "PolicyName": "cloudwatch-metrics", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "cloudwatch:PutMetricData", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ] + } + }, + { + "PolicyName": "publish-nightlies", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*" + ] + } + ] + } + } + ] + } + }, + "BuildUserKey": { + "Type": "AWS::IAM::AccessKey", + "Properties": { + "UserName": { + "Ref": "BuildUser" + } + } + }, + "AndroidRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "ec2.amazonaws.com" + ] + }, + "Action": [ + "sts:AssumeRole" + ] + } + ] + }, + "Policies": [ + { + "PolicyName": "android-testing", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:PutObject" + ], + "Resource": [ + "arn:aws:s3:::mapbox-gl-testing/android/*" + ] + } + ] + } + }, + { + "PolicyName": "android", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:PutObject" + ], + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/android/build/*" + ] + } + ] + } + } + ], + "Path": "/android-gl-build/travis/role/" + } + }, + "AndroidInstanceProfile": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "AndroidRole" + } + ], + "Path": "/android-gl-build/travis/instance-profile/" + } + } + }, + "Outputs": { + "AccessKeyId": { + "Value": { + "Ref": "BuildUserKey" + } + }, + "SecretAccessKey": { + "Value": { + "Fn::GetAtt": [ + "BuildUserKey", + "SecretAccessKey" + ] + } + }, + "AndroidInstanceProfile": { + "Value": { + "Fn::GetAtt": [ + "AndroidInstanceProfile", + "Arn" + ] + } + }, + "AndroidRole": { + "Value": { + "Fn::GetAtt": [ + "AndroidRole", + "Arn" + ] + } + } + } +} diff --git a/misc/cloudformation.template b/misc/cloudformation.template deleted file mode 100644 index db4e59eb7e..0000000000 --- a/misc/cloudformation.template +++ /dev/null @@ -1,317 +0,0 @@ - -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "mapbox-gl-native travis resources", - "Resources": { - "BuildUser": { - "Type": "AWS::IAM::User", - "Properties": { - "Policies": [ - { - "PolicyName": "list-testing", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::mapbox" - ], - "Condition": { - "StringLike": { - "s3:prefix": "mapbox-gl-native/*" - } - } - } - ] - } - }, - { - "PolicyName": "build-testing", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::mapbox/mapbox-gl-native/*" - ] - } - ] - } - }, - { - "PolicyName": "list-node", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:ListBucket" - ], - "Resource": [ - "arn:aws:s3:::mapbox-node-binary" - ], - "Effect": "Allow" - } - ] - } - }, - { - "PolicyName": "build-node", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Resource": [ - "arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*" - ], - "Effect": "Allow" - } - ] - } - }, - { - "PolicyName": "android", - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeInstances", - "ec2:RunInstances", - "ec2:CreateTags", - "ec2:GetConsoleOutput" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": "iam:PassRole", - "Resource": { - "Fn::GetAtt": [ - "AndroidRole", - "Arn" - ] - } - } - ] - } - }, - { - "PolicyName": "cloudwatch-metrics", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ] - } - }, - { - "PolicyName": "get-signing-key", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg" - ] - } - ] - } - }, - { - "PolicyName": "publish-metrics", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::mapbox/mapbox-gl-native/metrics/*" - ] - } - ] - } - }, - { - "PolicyName": "cloudwatch-metrics", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ] - } - }, - { - "PolicyName": "publish-nightlies", - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*" - ] - } - ] - } - } - ] - } - }, - "BuildUserKey": { - "Type": "AWS::IAM::AccessKey", - "Properties": { - "UserName": { - "Ref": "BuildUser" - } - } - }, - "AndroidRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "ec2.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - }, - "Policies": [ - { - "PolicyName": "android-testing", - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:PutObject" - ], - "Resource": [ - "arn:aws:s3:::mapbox-gl-testing/android/*" - ] - } - ] - } - }, - { - "PolicyName": "android", - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:PutObject" - ], - "Resource": [ - "arn:aws:s3:::mapbox/mapbox-gl-native/android/build/*" - ] - } - ] - } - } - ], - "Path": "/android-gl-build/travis/role/" - } - }, - "AndroidInstanceProfile": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Roles": [ - { - "Ref": "AndroidRole" - } - ], - "Path": "/android-gl-build/travis/instance-profile/" - } - } - }, - "Outputs": { - "AccessKeyId": { - "Value": { - "Ref": "BuildUserKey" - } - }, - "SecretAccessKey": { - "Value": { - "Fn::GetAtt": [ - "BuildUserKey", - "SecretAccessKey" - ] - } - }, - "AndroidInstanceProfile": { - "Value": { - "Fn::GetAtt": [ - "AndroidInstanceProfile", - "Arn" - ] - } - }, - "AndroidRole": { - "Value": { - "Fn::GetAtt": [ - "AndroidRole", - "Arn" - ] - } - } - } -} -- cgit v1.2.1