From e02fc504c31ed869f3a7afe88574f26384b317a5 Mon Sep 17 00:00:00 2001
From: lolli001
Date: Wed, 17 Jul 2024 15:10:12 -0400
Subject: [PATCH] Iam Policy added | Apply Works

---
 README.md | 5 +++++
 iam_policy.tf | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 iam_policy.tf

diff --git a/README.md b/README.md
index c4195ac..c6b12d1 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,7 @@
 # aws-image-pipeline
 Terraform Workspace for creating and managing AWS Image Pipelines
+
+
+
+To SSO Login:
+aws sso login --profile 229685449397-csvd-dev-gov.inf-admin-t2
\ No newline at end of file
diff --git a/iam_policy.tf b/iam_policy.tf
new file mode 100644
index 0000000..8fcfbfd
--- /dev/null
+++ b/iam_policy.tf
@@ -0,0 +1,36 @@
+resource "aws_iam_policy" "rhel_arm_codepipeline_permissions" {
+ name = "rhel-arm-codepipeline-permissions"
+ description = "IAM policy for RHEL ARM CodePipeline to access necessary CodeCommit repositories"
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Action = [
+ "codecommit:GetBranch",
+ "codecommit:GetCommit",
+ "codecommit:UploadArchive",
+ "codecommit:ListRepositories",
+ "codecommit:ListBranches",
+ "codecommit:GitPush",
+ "codecommit:GitPull",
+ "codecommit:GetUploadArchiveStatus",
+ "codecommit:GetRepository",
+ "codecommit:CreateCommit",
+ "codecommit:BatchGetRepositories",
+ "codecommit:BatchGetCommits"
+ ]
+ Resource = [
+ "arn:aws-us-gov:codecommit:us-gov-west-1:229685449397:linux-image-pipeline",
+ "arn:aws-us-gov:codecommit:us-gov-west-1:229685449397:image-pipeline-ansible-playbooks",
+ "arn:aws-us-gov:codecommit:us-gov-west-1:229685449397:image-pipeline-goss-testing"
+ ]
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "rhel_arm_codepipeline_role_attachment" {
+ role = "rhel-arm-image-pipeline-demo-codepipeline-role"
+ policy_arn = aws_iam_policy.rhel_arm_codepipeline_permissions.arn
+}
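Review bot: The Action list in the new iam_policy.tf hunk grants write access to the three repositories (`"codecommit:GitPush",` and `"codecommit:CreateCommit",`) to a pipeline role whose description only says it needs to access them; a CodePipeline source stage works with the read and upload-archive actions already listed, so the two write actions should be dropped unless a later stage is known to commit back to these repos. `codecommit:ListRepositories` also looks ineffective in this statement, since as far as I know that action is not resource-scoped and only takes effect with `Resource = "*"`; either remove it or give it its own statement so the intent is explicit. The partition, region and account id hard-coded in the three ARNs could be taken from `data.aws_partition`, `data.aws_region` and `data.aws_caller_identity` so the workspace is not tied to a single account. The attachment names the role as a plain string, so Terraform cannot order it after the role is created; if the role is managed in this workspace, reference its `.name` attribute instead.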