JavaScriptESDK.yml
Outputs:
  StackArn:
    Description: >-
      Do not remove this output! Pipelines needs this to do its association. (And
      LPT. Removing it will break things)
    Value: !Ref 'AWS::StackId'
Parameters:
  DeploymentBucketImportName:
    Default: 'BONESBootstrap-PDX-beta-DeploymentBucket'
    Description: >-
      This parameter is meant to be passed by LPT (and piplines). It holds the
      name of import that points to the bucket that holds your artifacts. You
      should use this as the import (Fn::ImportValue: {Ref: DeploymentBucket})
      for getting any BATS related artifacts.
    Type: String
  Stage:
    Default: 'beta'
    Type: String
  PipelinesControlledRegionBucket:
    Type: String
    Description: The regionalized bucket to read the artifact from.
    Default: 'placeholder'
Resources:
  CodeBuildRole:
    Properties:
      # Trust policy with two principals: the CodeBuild service, and GitHub
      # Actions OIDC tokens whose audience is sts.amazonaws.com and whose
      # subject matches repo:aws/aws-encryption-sdk-javascript:* (any subject
      # under that repository).
      AssumeRolePolicyDocument: >-
        {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"codebuild.amazonaws.com"},"Action":"sts:AssumeRole"},{"Effect":"Allow","Principal":{"Federated":"arn:aws:iam::587316601012:oidc-provider/token.actions.githubusercontent.com"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringEquals":{"token.actions.githubusercontent.com:aud":"sts.amazonaws.com"},"StringLike":{"token.actions.githubusercontent.com:sub":"repo:aws/aws-encryption-sdk-javascript:*"}}}]}
      Policies:
        # Inline policy: CloudWatch Logs, KMS, and S3 statements, each scoped
        # to Resource '*'.
        - PolicyDocument:
            Statement:
              - Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Effect: Allow
                Resource:
                  - '*'
              - Action:
                  - 'kms:Encrypt'
                  - 'kms:Decrypt'
                  - 'kms:GenerateDataKey'
                Effect: Allow
                Resource:
                  - '*'
              - Action:
                  - 's3:PutObject'
                Effect: Allow
                Resource:
                  - '*'
          PolicyName: !Sub '${AWS::StackName}CloudWatchLogsPolicy'
    Type: 'AWS::IAM::Role'
  ExampleWaitHandle:
    Properties: {}
    Type: 'AWS::CloudFormation::WaitConditionHandle'
  # CodeBuild project that builds from the GitHub repository using CodeBuildRole.
  JavaScriptESDK:
    Properties:
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/standard:2.0'
        Type: LINUX_CONTAINER
      LogsConfig:
        S3Logs:
          Location: !Sub '${LogBucket}/JavaScriptESDK'
          Status: ENABLED
      Name: JavaScriptESDK
      ServiceRole: !Ref CodeBuildRole
      Source:
        Location: 'https://github.com/aws/aws-encryption-sdk-javascript'
        ReportBuildStatus: 'true'
        Type: GITHUB
    Type: 'AWS::CodeBuild::Project'
  # Bucket that receives the build logs configured under LogsConfig above.
  LogBucket:
    Type: 'AWS::S3::Bucket'