Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
82 lines (81 sloc) 2.29 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: "Firebox Lambda CLI Role"
Parameters:
ParamStackName:
Type: String
Description: "Name used in resource tags and names"
Resources:
FireboxCliRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Join [ "-", [ "firebox-cli-role", !Ref "AWS::AccountId", !Ref "AWS::Region" ] ]
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
Service:
- "lambda.amazonaws.com"
- "ec2.amazonaws.com"
Action:
- "sts:AssumeRole"
Path: "/"
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
FireboxRolePolicy:
Type: "AWS::IAM::Policy"
Properties:
PolicyName: "FireboxLambdaCLIS3Policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "s3:GetObject"
Resource: !ImportValue FireboxPrivateBucketResourcesArn
-
Effect: "Allow"
Action:
- "s3:ListBucket"
Resource: !ImportValue FireboxPrivateBucketArn
-
Effect: "Allow"
Action:
- "xray:PutTelemetryRecords"
Resource: "*"
-
Effect: "Allow"
Action:
- "xray:PutTraceSegments"
Resource: "*"
-
Effect: "Allow"
Action:
- "logs:CreateLogGroup"
Resource: "arn:aws:logs:*:*:*"
-
Effect: "Allow"
Action:
- "logs:CreateLogStream"
Resource: "arn:aws:logs:*:*:*"
-
Effect: "Allow"
Action:
- "logs:PutLogEvents"
Resource: "arn:aws:logs:*:*:*"
-
Effect: "Allow"
Action:
- "logs:DescribeLogStreams"
Resource: "arn:aws:logs:*:*:*"
Roles:
-
!Ref FireboxCliRole
Outputs:
FireboxLambdaCLIRoleArn:
Description: ARN of FireboxLambdaCLIRoleArn
Value: !GetAtt FireboxCliRole.Arn
Export:
Name: "FireboxLambdaCLIRoleArn"