From ca4e3650c061b2722dc40abed7eadbf984c9b28d Mon Sep 17 00:00:00 2001
From: Zachariah Mully
Date: Thu, 13 Jun 2019 12:10:09 -0400
Subject: [build] clean up cloudformation template and policies
---
cloudformation/ci.template.js | 117 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 117 insertions(+)
create mode 100644 cloudformation/ci.template.js
(limited to 'cloudformation')
diff --git a/cloudformation/ci.template.js b/cloudformation/ci.template.js
new file mode 100644
index 0000000000..e0e1fc0603
--- /dev/null
+++ b/cloudformation/ci.template.js
@@ -0,0 +1,117 @@
+'use strict';
+
+const template = {
+ AWSTemplateFormatVersion: '2010-09-09',
+ Description: 'mapbox-gl-native travis resources',
+ Resources: {
+ BuildUser: {
+ Type: 'AWS::IAM::User',
+ Properties: {
+ Policies: [
+ {
+ PolicyName: 'listBuckets',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:ListBucket' ],
+ Effect: 'Allow',
+ Resource: [ 'arn:aws:s3:::mapbox' ],
+ Condition: { StringLike: { 's3:prefix': 'mapbox-gl-native/*' } }
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-node-binary' ],
+ Effect: 'Allow'
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-loading-dock' ],
+ Effect: 'Allow'
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'build-testing',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 's3:GetObject',
+ 's3:GetObjectAcl',
+ 's3:PutObject',
+ 's3:PutObjectAcl'
+ ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'cloudwatch-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 'cloudwatch:PutMetricData',
+ 'cloudwatch:GetMetricData',
+ 'cloudwatch:GetMetricStatistics'
+ ],
+ Effect: 'Allow',
+ Resource: [ '*' ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'get-signing-key',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:GetObject' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'publish-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:PutObject', 's3:GetObject', 's3:GetObjectAcl' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.binarysize/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.docs_coverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.github_stats/*'
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ BuildUserKey: {
+ Type: 'AWS::IAM::AccessKey',
+ Properties: { UserName: { Ref: 'BuildUser' } }
+ }
+ },
+ Outputs: {
+ AccessKeyId: { Value: { Ref: 'BuildUserKey' } },
+ SecretAccessKey: { Value: { 'Fn::GetAtt': [ 'BuildUserKey', 'SecretAccessKey' ] } }
+ }
+};
+
+module.exports = template;
-- cgit v1.2.1
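Review bot: The `Outputs` block at the end of the template returns `SecretAccessKey` through `Fn::GetAtt`, so the long-lived secret for `BuildUser` is readable in plaintext by anyone who can describe this stack, and by anything that records stack outputs. The same user is granted `s3:GetObject` on `android/signing-credentials/secring.gpg` and `s3:PutObjectAcl` on the build prefixes, so exposure of that key has a wide reach. I would drop the `SecretAccessKey` output and hand the key to CI through a secret store, or at minimum restrict read access to the stack and rotate the key regularly. Separately, the `s3:ListBucket` statements for `mapbox-node-binary` and `mapbox-loading-dock` lack the `s3:prefix` condition that the `mapbox` statement has, so the build user can list every key in those buckets. A matching condition such as `Condition: { StringLike: { 's3:prefix': '@mapbox/mapbox-gl-native/*' } }` on the first, and an equivalent one for the `raw/mobile*` prefixes on the second, would bring them in line with the object-level grants.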