From 93d36b32cfd4b6ea4c29762ee812e406751cbf04 Mon Sep 17 00:00:00 2001
From: rrigato
Date: Sun, 17 Dec 2023 11:05:16 -0800
Subject: [PATCH 1/2] remove DevArtifactsBucket

---
templates/code_pipeline.yml | 22 ----------------------
1 file changed, 22 deletions(-)

diff --git a/templates/code_pipeline.yml b/templates/code_pipeline.yml
index 16553f9..3cce6de 100644
--- a/templates/code_pipeline.yml
+++ b/templates/code_pipeline.yml
@@ -49,28 +49,6 @@ Resources:
!Join [' ', ['Repo for ', !Ref ProjectName, !Ref RepositoryDescription]]
RepositoryName: !Ref ProjectName
- ##########################
- #Build logs for CodeBuildPythonTests
- #CodeBuild stage
- #
- #
- ##########################
- DevArtifactsBucket:
- Type: AWS::S3::Bucket
- Properties:
- BucketName:
- !Join ['', ['codebuild-dev-', !Ref ProjectName]]
- Tags:
- -
- Key: stage
- Value: dev
- -
- Key: retain
- Value: "false"
- -
- Key: project
- Value: !Ref ProjectName
-
##########################################
#Code Pipeline Is broken down into stages

From e2e803a15245563db519046c0cbd923b4472af5a Mon Sep 17 00:00:00 2001
From: rrigato
Date: Sun, 17 Dec 2023 11:09:05 -0800
Subject: [PATCH 2/2] remove CodeBuildRole

---
templates/code_pipeline.yml | 89 ------------------------------------
1 file changed, 89 deletions(-)

diff --git a/templates/code_pipeline.yml b/templates/code_pipeline.yml
index 3cce6de..2d69a52 100644
--- a/templates/code_pipeline.yml
+++ b/templates/code_pipeline.yml
@@ -162,95 +162,6 @@ Resources: RunOrder: 1 -#################################### -#Role that will be assumed when -#CodeBuild runs for dev -# -#################################### - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - ManagedPolicyArns: - - arn:aws:iam::aws:policy/AWSCloudFormationFullAccess - - arn:aws:iam::aws:policy/AWSCodeCommitPowerUser - - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess - Path: / - Policies: - - PolicyName: CodeBuildCustomerManaged - PolicyDocument: - Version: "2012-10-17" - Statement: - - Sid: IAMallow - Effect: Allow - ####################################### - #Allowing lambda to perform a PutItem on - #DynamoDB - # - ####################################### - Action: - - iam:PassRole - - iam:CreateRole - - iam:DeleteRole - - iam:GetRole - - iam:UpdateAssumeRolePolicy - - iam:DetachRolePolicy - - iam:DeleteRolePolicy - - iam:PutRolePolicy - - iam:AttachRolePolicy - - iam:TagRole - Resource: - - "*" - ####################### - #Permissions needed for aws - #CodeBuild service to run - ####################### - - Sid: S3WebsiteCreation - Effect: Allow - ####################################### - #Allowing CodeBuild to create - #resources necessary for s3 static webpage - # - ####################################### - Action: - - s3:CreateBucket - - s3:DeleteBucket - - s3:DeleteBucketPolicy - - s3:DeleteObject - - s3:GetBucketAcl - - s3:GetBucketLocation - - s3:GetObject - - s3:GetObjectVersion - - s3:ListBucket - - s3:ListAllMyBuckets - - s3:PutBucketCORS - - s3:PutBucketPolicy - - s3:PutBucketWebsite - - s3:PutObject - - Resource: - - "*" - ####################### - #Permissions needed for aws - #CodeBuild to access client secrets - ####################### - - Sid: SecretsManagerAccess - Effect: Allow - Action: - - secretsmanager:GetSecretValue # pragma: allowlist 
secret - - secretsmanager:UpdateSecret # pragma: allowlist secret - - secretsmanager:DeleteSecret # pragma: allowlist secret - Resource: - - "*" - - - #################### #Role assumed by cloudformation