Cloudtrail stack for creating an IAM user with a managed policy that …

…we can safely use to let Travis push to S3. Courtesy of Andrew Krug
mozilla · Aug 27, 2018 · 3aff0f3 · 3aff0f3
1 parent f23e76f
commit 3aff0f3
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/aws/releases-cloudtrail-build-user.yml b/aws/releases-cloudtrail-build-user.yml
@@ -0,0 +1,35 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Sets up a managed policy for Mig to build and deploy to s3."
+Parameters:
+  S3BucketMigBuilds:
+    Type: "String"
+    Description: "The S3 bucket that your build job will be writing out to. (arn:aws:s3:::mig-agent-releases)"
+Resources:
+  PutBuildstoS3:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      Description: "Managed policy for travis-ci to put builds to s3."
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          -
+            Effect: "Allow"
+            Action: "s3:PutObject"
+            Resource:
+              - !Ref S3BucketMigBuilds
+          -
+            Effect: "Allow"
+            Action: "s3:GetObject"
+            Resource:
+              - !Ref S3BucketMigBuilds
+          -
+            Effect: "Allow"
+            Action: "s3:DeleteObject"
+            Resource:
+              - !Ref S3BucketMigBuilds
+  BuildUser:
+    Type: AWS::IAM::User
+    Properties:
+      ManagedPolicyArns:
+        - !Ref PutBuildstoS3
+      UserName: mig-build-user