Iam Policy added | Apply Works

README.md

@@ -1,2 +1,7 @@
 # aws-image-pipeline
 Terraform Workspace for creating and managing AWS Image Pipelines
+
+
+
+To SSO Login: 
+aws sso login --profile 229685449397-csvd-dev-gov.inf-admin-t2

iam_policy.tf

@@ -0,0 +1,36 @@
+resource "aws_iam_policy" "rhel_arm_codepipeline_permissions" {
+  name        = "rhel-arm-codepipeline-permissions"
+  description = "IAM policy for RHEL ARM CodePipeline to access necessary CodeCommit repositories"
+  policy      = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "codecommit:GetBranch",
+          "codecommit:GetCommit",
+          "codecommit:UploadArchive",
+          "codecommit:ListRepositories",
+          "codecommit:ListBranches",
+          "codecommit:GitPush",
+          "codecommit:GitPull",
+          "codecommit:GetUploadArchiveStatus",
+          "codecommit:GetRepository",
+          "codecommit:CreateCommit",
+          "codecommit:BatchGetRepositories",
+          "codecommit:BatchGetCommits"
+        ]
+        Resource = [
+          "arn:aws-us-gov:codecommit:us-gov-west-1:229685449397:linux-image-pipeline",
+          "arn:aws-us-gov:codecommit:us-gov-west-1:229685449397:image-pipeline-ansible-playbooks",
+          "arn:aws-us-gov:codecommit:us-gov-west-1:229685449397:image-pipeline-goss-testing"
+        ]
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "rhel_arm_codepipeline_role_attachment" {
+  role       = "rhel-arm-image-pipeline-demo-codepipeline-role"
+  policy_arn = aws_iam_policy.rhel_arm_codepipeline_permissions.arn
+}