path: root/cloudformation/ci.template.js
blob: e0e1fc0603f5229ea5f125991461741dfa8781bd (plain)
'use strict';

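/**
 * CloudFormation template for the CI build identity.
 *
 * Declares one IAM user (`BuildUser`) carrying five inline policies, plus a
 * long-lived access key (`BuildUserKey`) for that user. Both halves of the key
 * are published as stack outputs.
 *
 * Every policy document pins `Version: '2012-10-17'`. Without a Version
 * element IAM evaluates the document under the legacy 2008-10-17 policy
 * language. None of the statements use policy variables, so pinning the
 * version leaves the effective permissions unchanged.
 */
const template = {
  AWSTemplateFormatVersion: '2010-09-09',
  Description: 'mapbox-gl-native travis resources',
  Resources: {
    BuildUser: {
      Type: 'AWS::IAM::User',
      Properties: {
        Policies: [
          {
            PolicyName: 'listBuckets',
            PolicyDocument: {
              Version: '2012-10-17',
              Statement: [
                {
                  // Listing of the shared `mapbox` bucket is limited to the project prefix.
                  Action: [ 's3:ListBucket' ],
                  Effect: 'Allow',
                  Resource: [ 'arn:aws:s3:::mapbox' ],
                  Condition: { StringLike: { 's3:prefix': 'mapbox-gl-native/*' } }
                },
                {
                  // NOTE(review): no s3:prefix condition here, so every key in this bucket
                  // can be enumerated, while the object grants below only cover
                  // `@mapbox/mapbox-gl-native/*`. Consider the same kind of prefix condition
                  // as the first statement; confirm what the CI jobs list first.
                  Action: [ 's3:ListBucket' ],
                  Resource: [ 'arn:aws:s3:::mapbox-node-binary' ],
                  Effect: 'Allow'
                },
                {
                  // NOTE(review): also unconditioned; the object grants below only cover
                  // specific `raw/...` prefixes of this bucket.
                  Action: [ 's3:ListBucket' ],
                  Resource: [ 'arn:aws:s3:::mapbox-loading-dock' ],
                  Effect: 'Allow'
                }
              ]
            }
          },
          {
            PolicyName: 'build-testing',
            PolicyDocument: {
              Version: '2012-10-17',
              Statement: [
                {
                  // s3:PutObjectAcl lets the holder change the ACL of any object under these
                  // prefixes, including making it publicly readable. Keep it only if the
                  // build publishes public artifacts.
                  Action: [
                    's3:GetObject',
                    's3:GetObjectAcl',
                    's3:PutObject',
                    's3:PutObjectAcl'
                  ],
                  Effect: 'Allow',
                  Resource: [
                    'arn:aws:s3:::mapbox/mapbox-gl-native/*',
                    'arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*',
                    // Already matched by the first ARN's wildcard; kept as in the original.
                    'arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*'
                  ]
                }
              ]
            }
          },
          {
            PolicyName: 'cloudwatch-metrics',
            PolicyDocument: {
              Version: '2012-10-17',
              Statement: [
                {
                  // These CloudWatch actions cannot be scoped by resource ARN, hence '*'.
                  // NOTE(review): PutMetricData can still be narrowed with a
                  // `cloudwatch:namespace` condition if the build writes to known namespaces.
                  Action: [
                    'cloudwatch:PutMetricData',
                    'cloudwatch:GetMetricData',
                    'cloudwatch:GetMetricStatistics'
                  ],
                  Effect: 'Allow',
                  Resource: [ '*' ]
                }
              ]
            }
          },
          {
            PolicyName: 'get-signing-key',
            PolicyDocument: {
              Version: '2012-10-17',
              Statement: [
                {
                  // Read access to a single object. Judging by its name this is a GPG secret
                  // keyring used for Android signing (confirm). Anything that holds this
                  // user's access key can download it, so treat the key pair below as
                  // signing-key-equivalent.
                  Action: [ 's3:GetObject' ],
                  Effect: 'Allow',
                  Resource: [
                    'arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg'
                  ]
                }
              ]
            }
          },
          {
            PolicyName: 'publish-metrics',
            PolicyDocument: {
              Version: '2012-10-17',
              Statement: [
                {
                  // Read/write limited to the listed metric prefixes; no ACL changes allowed.
                  Action: [ 's3:PutObject', 's3:GetObject', 's3:GetObjectAcl' ],
                  Effect: 'Allow',
                  Resource: [
                    'arn:aws:s3:::mapbox-loading-dock/raw/mobile.binarysize/*',
                    'arn:aws:s3:::mapbox-loading-dock/raw/mobile.codecoverage/*',
                    'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.docs_coverage/*',
                    'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.codecoverage/*',
                    'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.github_stats/*'
                  ]
                }
              ]
            }
          }
        ]
      }
    },
    // Static, non-expiring credential for BuildUser; nothing in this template rotates it.
    BuildUserKey: {
      Type: 'AWS::IAM::AccessKey',
      Properties: { UserName: { Ref: 'BuildUser' } }
    }
  },
  Outputs: {
    AccessKeyId: { Value: { Ref: 'BuildUserKey' } },
    // NOTE(review): stack outputs are returned in clear text to any principal that can
    // describe this stack, so the secret is only as protected as read access to the
    // stack. Left in place because consumers may read this output; prefer delivering
    // the secret through a secrets store and restricting who can describe the stack.
    SecretAccessKey: { Value: { 'Fn::GetAtt': [ 'BuildUserKey', 'SecretAccessKey' ] } }
  }
};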

// Expose the template object as this module's CommonJS export. How it is rendered
// to JSON and deployed is not shown in this file.
module.exports = template;