This repository has been archived by the owner on Sep 14, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 234
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cloudtrail stack for creating an IAM user with a managed policy that …
…we can safely use to let Travis push to S3. Courtesy of Andrew Krug
- Loading branch information
Zack Mullaly
committed
Aug 27, 2018
1 parent
f23e76f
commit 3aff0f3
Showing
1 changed file
with
35 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
AWSTemplateFormatVersion: "2010-09-09" | ||
Description: "Sets up a managed policy for Mig to build and deploy to s3." | ||
Parameters: | ||
S3BucketMigBuilds: | ||
Type: "String" | ||
Description: "The S3 bucket that your build job will be writing out to. (arn:aws:s3:::mig-agent-releases)" | ||
Resources: | ||
PutBuildstoS3: | ||
Type: AWS::IAM::ManagedPolicy | ||
Properties: | ||
Description: "Managed policy for travis-ci to put builds to s3." | ||
PolicyDocument: | ||
Version: "2012-10-17" | ||
Statement: | ||
- | ||
Effect: "Allow" | ||
Action: "s3:PutObject" | ||
Resource: | ||
- !Ref S3BucketMigBuilds | ||
- | ||
Effect: "Allow" | ||
Action: "s3:GetObject" | ||
Resource: | ||
- !Ref S3BucketMigBuilds | ||
- | ||
Effect: "Allow" | ||
Action: "s3:DeleteObject" | ||
Resource: | ||
- !Ref S3BucketMigBuilds | ||
BuildUser: | ||
Type: AWS::IAM::User | ||
Properties: | ||
ManagedPolicyArns: | ||
- !Ref PutBuildstoS3 | ||
UserName: mig-build-user |