JavaScriptESDK.yml
Outputs:
  # Publishes this stack's own ID (the AWS::StackId pseudo parameter). The
  # description states that the deployment tooling depends on this output.
  StackArn:
    Value: !Ref AWS::StackId
    Description: >-
      Do not remove this output! Pipelines needs this to do its association. (And
      LPT. Removing it will break things)
Parameters:
  # Name of a CloudFormation import that resolves to the artifact bucket.
  # Not referenced by any resource in the visible part of this template.
  DeploymentBucketImportName:
    Type: String
    Default: 'BONESBootstrap-PDX-beta-DeploymentBucket'
    Description: >-
      This parameter is meant to be passed by LPT (and piplines). It holds the
      name of import that points to the bucket that holds your artifacts. You
      should use this as the import (Fn::ImportValue: {Ref: DeploymentBucket})
      for getting any BATS related artifacts.

  # Deployment stage label; not referenced by any visible resource.
  Stage:
    Type: String
    Default: 'beta'

  # Regional artifact bucket; the default is only a placeholder and is not
  # referenced by any visible resource.
  PipelinesControlledRegionBucket:
    Type: String
    Default: 'placeholder'
    Description: The regionalized bucket to read the artifact from.

  # Upper bound on builds per batch; consumed by
  # BuildBatchConfig.Restrictions.MaximumBuildsAllowed on the project.
  NumberOfBuildsInBatch:
    Type: Number
    MinValue: 1
    MaxValue: 100
    Default: 16
    Description: The number of builds you expect to run in a batch
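Resources:
  # Role assumable by two principals: the CodeBuild service, and GitHub Actions
  # workflows that federate through the account's OIDC provider. Every
  # permission in the inline policy below is therefore available to both.
  CodeBuildRole:
    Type: 'AWS::IAM::Role'
    Properties:
      # Trust policy written as a YAML mapping (same statements as the former
      # single-line JSON string) so that each condition can be reviewed.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: 'sts:AssumeRole'
          - Effect: Allow
            Principal:
              Federated: 'arn:aws:iam::587316601012:oidc-provider/token.actions.githubusercontent.com'
            Action: 'sts:AssumeRoleWithWebIdentity'
            Condition:
              StringEquals:
                'token.actions.githubusercontent.com:aud': sts.amazonaws.com
              # NOTE(review): the trailing '*' matches every subject claim
              # issued for this repository (any branch, tag, pull request or
              # environment). If only selected refs should reach this role,
              # pin the pattern, e.g.
              # repo:aws/aws-encryption-sdk-javascript:ref:refs/heads/<BRANCH_PLACEHOLDER>
              StringLike:
                'token.actions.githubusercontent.com:sub': 'repo:aws/aws-encryption-sdk-javascript:*'
      Policies:
        # NOTE(review): the policy name mentions only CloudWatch Logs, but the
        # document also grants KMS, S3 and CodeBuild actions. The name is kept
        # unchanged here so that existing deployments are not affected.
        - PolicyName: !Sub '${AWS::StackName}CloudWatchLogsPolicy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - '*'
              # NOTE(review): Resource '*' covers every KMS key that IAM
              # policies are allowed to authorize for this account. If the
              # builds only need specific keys, list their ARNs instead
              # (arn:aws:kms:<REGION>:<ACCOUNT_ID>:key/<KEY_ID>); the keys in
              # use are not visible in this template.
              - Effect: Allow
                Action:
                  - 'kms:Encrypt'
                  - 'kms:Decrypt'
                  - 'kms:GenerateDataKey'
                Resource:
                  - '*'
              # NOTE(review): s3:PutObject on '*' permits writes to any bucket
              # this account can reach. S3Logs on the project targets
              # LogBucket, so !Sub '${LogBucket.Arn}/*' may be sufficient;
              # confirm that builds do not upload anywhere else first.
              - Effect: Allow
                Action:
                  - 's3:PutObject'
                Resource:
                  - '*'
              # !Sub is required here: as a plain string the ${AWS::Region} and
              # ${AWS::AccountId} placeholders reach IAM unresolved and the ARN
              # never matches the project. The project name is spelled out
              # (it must equal Properties.Name of JavaScriptESDK) rather than
              # taken from !GetAtt, because the project already references
              # this role and that would create a dependency cycle.
              - Effect: Allow
                Action:
                  - 'codebuild:StartBuild'
                  - 'codebuild:StopBuild'
                  - 'codebuild:RetryBuild'
                  - 'codebuild:BatchGetBuilds'
                Resource:
                  - !Sub 'arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/JavaScriptESDK'

  # Wait-condition handle with no properties; nothing in the visible template
  # refers to it.
  ExampleWaitHandle:
    Type: 'AWS::CloudFormation::WaitConditionHandle'
    Properties: {}

  # CodeBuild project that builds the GitHub repository in batches.
  JavaScriptESDK:
    Type: 'AWS::CodeBuild::Project'
    Properties:
      Name: JavaScriptESDK
      # NOTE(review): the role is referenced only from BuildBatchConfig; no
      # project-level ServiceRole is visible. Confirm against the
      # AWS::CodeBuild::Project schema whether one is also needed.
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/standard:5.0'
        Type: LINUX_CONTAINER
      LogsConfig:
        S3Logs:
          # Build logs are written under the JavaScriptESDK prefix of LogBucket.
          Location: !Sub '${LogBucket}/JavaScriptESDK'
          Status: ENABLED
      BuildBatchConfig:
        ServiceRole: !GetAtt CodeBuildRole.Arn
        Restrictions:
          MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch
          ComputeTypesAllowed:
            - BUILD_GENERAL1_SMALL
            - BUILD_GENERAL1_MEDIUM
            - BUILD_GENERAL1_LARGE
        TimeoutInMins: 480
      Source:
        Location: 'https://github.com/aws/aws-encryption-sdk-javascript'
        ReportBuildStatus: 'true'
        Type: GITHUB

  # NOTE(review): the bucket is declared without Properties, so public access
  # blocking, encryption and retention all follow service or account defaults.
  # Set PublicAccessBlockConfiguration and BucketEncryption explicitly if build
  # logs must stay private regardless of those defaults.
  LogBucket:
    Type: 'AWS::S3::Bucket'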