{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "mapbox-gl-native travis resources", "Resources": { "BuildUser": { "Type": "AWS::IAM::User", "Properties": { "Policies": [ { "PolicyName": "list-testing", "PolicyDocument": { "Statement": [ { "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::mapbox" ], "Condition": { "StringLike": { "s3:prefix": "mapbox-gl-native/*" } } } ] } }, { "PolicyName": "build-testing", "PolicyDocument": { "Statement": [ { "Action": [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::mapbox/mapbox-gl-native/*" ] } ] } }, { "PolicyName": "list-node", "PolicyDocument": { "Statement": [ { "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::mapbox-node-binary" ], "Effect": "Allow" } ] } }, { "PolicyName": "build-node", "PolicyDocument": { "Statement": [ { "Action": [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*" ], "Effect": "Allow" } ] } }, { "PolicyName": "android", "PolicyDocument": { "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:RunInstances", "ec2:CreateTags", "ec2:GetConsoleOutput" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": { "Fn::GetAtt": [ "AndroidRole", "Arn" ] } } ] } }, { "PolicyName": "cloudwatch-metrics", "PolicyDocument": { "Statement": [ { "Action": [ "cloudwatch:PutMetricData", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics" ], "Effect": "Allow", "Resource": [ "*" ] } ] } } ] } }, "BuildUserKey": { "Type": "AWS::IAM::AccessKey", "Properties": { "UserName": { "Ref": "BuildUser" } } }, "BitriseUser": { "Type": "AWS::IAM::User", "Properties": { "Policies": [ { "PolicyName": "get-signing-key", "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg" ] } ] } }, { "PolicyName": "publish-metrics", "PolicyDocument": { "Statement": [ { "Action": [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::mapbox/mapbox-gl-native/metrics/*" ] } ] } }, { "PolicyName": "cloudwatch-metrics", "PolicyDocument": { "Statement": [ { "Action": [ "cloudwatch:PutMetricData", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics" ], "Effect": "Allow", "Resource": [ "*" ] } ] } }, { "PolicyName": "publish-nightlies", "PolicyDocument": { "Statement": [ { "Action": [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*" ] } ] } } ] } }, "BitriseUserKey": { "Type": "AWS::IAM::AccessKey", "Properties": { "UserName": { "Ref": "BitriseUser" } } }, "AndroidRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Policies": [ { "PolicyName": "android-testing", "PolicyDocument": { "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::mapbox-gl-testing/android/*" ] } ] } }, { "PolicyName": "android", "PolicyDocument": { "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::mapbox/mapbox-gl-native/android/build/*" ] } ] } } ], "Path": "/android-gl-build/travis/role/" } }, "AndroidInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Roles": [ { "Ref": "AndroidRole" } ], "Path": "/android-gl-build/travis/instance-profile/" } } }, "Outputs": { "AccessKeyId": { "Value": { "Ref": "BuildUserKey" } }, "SecretAccessKey": { "Value": { "Fn::GetAtt": [ "BuildUserKey", "SecretAccessKey" ] } }, "BitriseAccessKeyId": { "Value": { "Ref": "BitriseUserKey" } }, "BitriseSecretAccessKey": { "Value": { "Fn::GetAtt": [ "BitriseUserKey", "SecretAccessKey" ] } }, "AndroidInstanceProfile": { "Value": { "Fn::GetAtt": [ "AndroidInstanceProfile", "Arn" ] } }, "AndroidRole": { "Value": { "Fn::GetAtt": [ "AndroidRole", "Arn" ] } } } }