Skip to content

Commit

Permalink
GH-54: Added Role and Permissions to CustomResources.json
Browse files Browse the repository at this point in the history
  • Loading branch information
@johnnyhchen
johnnyhchen committed Aug 4, 2021
1 parent fdaa852 commit 9da6e51
Showing 1 changed file with 95 additions and 10 deletions.
105 changes: 95 additions & 10 deletions amplify/backend/api/rms/stacks/CustomResources.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,9 +86,12 @@
"Ref": "AppSyncApiId"
},
"Name": "MainTable",
"Type": "AWS_DYNAMODB",
"Type": "AMAZON_DYNAMODB",
"ServiceRoleArn": {
"Ref": "storagemainArn"
"Fn::GetAtt": [
"RootRole",
"Arn"
]
},
"DynamoDBConfig": {
"AwsRegion" : {
Expand All @@ -107,9 +110,12 @@
"Ref": "AppSyncApiId"
},
"Name": "ItemsTable",
"Type": "AWS_DYNAMODB",
"Type": "AMAZON_DYNAMODB",
"ServiceRoleArn": {
"Ref": "storageitemsArn"
"Fn::GetAtt": [
"RootRole",
"Arn"
]
},
"DynamoDBConfig": {
"AwsRegion" : {
Expand All @@ -128,9 +134,12 @@
"Ref": "AppSyncApiId"
},
"Name": "BatchTable",
"Type": "AWS_DYNAMODB",
"Type": "AMAZON_DYNAMODB",
"ServiceRoleArn": {
"Ref": "storagebatchArn"
"Fn::GetAtt": [
"RootRole",
"Arn"
]
},
"DynamoDBConfig": {
"AwsRegion" : {
Expand All @@ -149,9 +158,12 @@
"Ref": "AppSyncApiId"
},
"Name": "TagsTable",
"Type": "AWS_DYNAMODB",
"Type": "AMAZON_DYNAMODB",
"ServiceRoleArn": {
"Ref": "storagetagsArn"
"Fn::GetAtt": [
"RootRole",
"Arn"
]
},
"DynamoDBConfig": {
"AwsRegion" : {
Expand All @@ -170,9 +182,12 @@
"Ref": "AppSyncApiId"
},
"Name": "HistoryTable",
"Type": "AWS_DYNAMODB",
"Type": "AMAZON_DYNAMODB",
"ServiceRoleArn": {
"Ref": "storagehistoryArn"
"Fn::GetAtt": [
"RootRole",
"Arn"
]
},
"DynamoDBConfig": {
"AwsRegion" : {
Expand All @@ -184,6 +199,76 @@
}
}
},
"RootRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"appsync.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": "",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:BatchGetItem",
"dynamodb:Query",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"appsync:CreateDataSource",
"appsync:UpdateDataSource"
],
"Resource": {
"Fn::Sub": [
"arn:aws:dynamodb:${Region}:${Account}:table/*",
{
"region": {
"Ref": "AWS::Region"
},
"account": {
"Ref": "AWS::AccountId"
}
}
]
}
}
]
}
}
]
}
},
"RootInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "RootRole"
}
]
}
},
"GetMainResolver": {
"Type": "AWS::AppSync::Resolver",
"Properties": {
Expand Down

0 comments on commit 9da6e51

Please sign in to comment.