title | nav_text | categories | nav_order |
---|---|---|---|
Role DSL |
Role |
dsl |
14 |
Pipe Dream can create the IAM service role associated with the pipeline. Here's an example:
.pipedream/role.rb:
iam_policy("logs", "ssm")
For more control, here's a longer form:
iam_policy(
action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ssm:*",
],
effect: "Allow",
resource: "*"
)
You can also create managed IAM policy.
managed_iam_policy("AmazonS3ReadOnlyAccess")
You can also add multiple managed IAM policies:
managed_iam_policy("AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess")
The convenience methods merely wrap properties of the AWS::IAM::Role CloudFormation Resource. If you wanted to set the CloudFormation properties more directly, here's an example of using the "Full" DSL.
.pipedream/role.rb:
assume_role_policy_document(
statement: [{
action: ["sts:AssumeRole"],
effect: "Allow",
principal: {
service: ["codepipeline.amazonaws.com"]
}
}],
version: "2012-10-17"
)
path("/")
policies([{
policy_name: "CodeBuildAccess",
policy_document: {
version: "2012-10-17",
statement: [{
action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
effect: "Allow",
resource: "*"
}]
}
}])
{% include prev_next.md %}