chore(CFN): check in CFN

josecorella · josecorella · commit f3d496f40cc8 · 2024-03-12T11:43:20.000-07:00
diff --git a/cfn/JavaScriptESDK.yml b/cfn/JavaScriptESDK.yml
@@ -0,0 +1,77 @@
+Outputs:
+  StackArn:
+    Description: >-
+      Do not remove this output! Pipelines needs this to do its association. (And
+      LPT. Removing it will break things)
+    Value: !Ref 'AWS::StackId'
+Parameters:
+  DeploymentBucketImportName:
+    Default: 'BONESBootstrap-PDX-beta-DeploymentBucket'
+    Description: >-
+      This parameter is meant to be passed by LPT (and piplines). It holds the
+      name of import that points to the bucket that holds your artifacts. You
+      should use this as the import (Fn::ImportValue: {Ref: DeploymentBucket})
+      for getting any BATS related artifacts.
+    Type: String
+  Stage:
+    Default: 'beta'
+    Type: String
+  PipelinesControlledRegionBucket:
+    Type: String
+    Description: The regionalized bucket to read the artifact from.
+    Default: 'placeholder'
+    
+Resources:
+  CodeBuildRole:
+    Properties:
+      AssumeRolePolicyDocument: >-
+        {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"codebuild.amazonaws.com"},"Action":"sts:AssumeRole"},{"Effect":"Allow","Principal":{"Federated":"arn:aws:iam::587316601012:oidc-provider/token.actions.githubusercontent.com"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringEquals":{"token.actions.githubusercontent.com:aud":"sts.amazonaws.com"},"StringLike":{"token.actions.githubusercontent.com:sub":"repo:aws/aws-encryption-sdk-javascript:*"}}}]}
+      Policies:
+        - PolicyDocument:
+            Statement:
+              - Action:
+                  - 'logs:CreateLogGroup'
+                  - 'logs:CreateLogStream'
+                  - 'logs:PutLogEvents'
+                Effect: Allow
+                Resource:
+                  - '*'
+              - Action:
+                  - 'kms:Encrypt'
+                  - 'kms:Decrypt'
+                  - 'kms:GenerateDataKey'
+                Effect: Allow
+                Resource:
+                  - '*'
+              - Action:
+                  - 's3:PutObject'
+                Effect: Allow
+                Resource:
+                  - '*'
+          PolicyName: !Sub '${AWS::StackName}CloudWatchLogsPolicy'
+    Type: 'AWS::IAM::Role'
+  ExampleWaitHandle:
+    Properties: {}
+    Type: 'AWS::CloudFormation::WaitConditionHandle'
+  JavaScriptESDK:
+    Properties:
+      Artifacts:
+        Type: NO_ARTIFACTS
+      Environment:
+        ComputeType: BUILD_GENERAL1_SMALL
+        Image: 'aws/codebuild/standard:2.0'
+        Type: LINUX_CONTAINER
+      LogsConfig:
+        S3Logs:
+          Location: !Sub '${LogBucket}/JavaScriptESDK'
+          Status: ENABLED
+      Name: JavaScriptESDK
+      ServiceRole: !Ref CodeBuildRole
+      Source:
+        Location: 'https://github.com/awslabs/aws-encryption-sdk-javascript'
+        ReportBuildStatus: 'true'
+        Type: GITHUB
+    Type: 'AWS::CodeBuild::Project'
+  LogBucket:
+    Type: 'AWS::S3::Bucket'
+
