improve policy description
This commit is contained in:
parent
b7ac98ed9a
commit
49946b6546
@ -21,7 +21,7 @@ new aws.iam.RolePolicyAttachment(`${prefix}-policy-codebuild`, {
|
|||||||
role: role.name,
|
role: role.name,
|
||||||
policyArn: aws.iam.ManagedPolicies.AWSCodeBuildDeveloperAccess,
|
policyArn: aws.iam.ManagedPolicies.AWSCodeBuildDeveloperAccess,
|
||||||
});
|
});
|
||||||
new aws.iam.RolePolicy(`${prefix}-role-policy`, {
|
new aws.iam.RolePolicy(`${prefix}-role-policy-bucket`, {
|
||||||
role: role.name,
|
role: role.name,
|
||||||
policy: pulumi.all([backend.bucket.arn, frontend.bucket.arn]).apply(([be, fe]) => JSON.stringify({
|
policy: pulumi.all([backend.bucket.arn, frontend.bucket.arn]).apply(([be, fe]) => JSON.stringify({
|
||||||
Version: "2012-10-17",
|
Version: "2012-10-17",
|
||||||
@ -42,6 +42,29 @@ new aws.iam.RolePolicy(`${prefix}-role-policy`, {
|
|||||||
],
|
],
|
||||||
Resource: [ be, fe, ],
|
Resource: [ be, fe, ],
|
||||||
},
|
},
|
||||||
|
]
|
||||||
|
})),
|
||||||
|
});
|
||||||
|
new aws.iam.RolePolicy(`${prefix}-role-policy-lambda`, {
|
||||||
|
role: role.name,
|
||||||
|
policy: pulumi.all([backend.lambda.arn]).apply(([lambda]) => JSON.stringify({
|
||||||
|
Version: "2012-10-17",
|
||||||
|
Statement: [
|
||||||
|
{
|
||||||
|
Effect: "Allow",
|
||||||
|
Action: [
|
||||||
|
"lambda:UpdateFunctionCode",
|
||||||
|
],
|
||||||
|
Resource: lambda,
|
||||||
|
},
|
||||||
|
]
|
||||||
|
})),
|
||||||
|
});
|
||||||
|
new aws.iam.RolePolicy(`${prefix}-role-policy-logs`, {
|
||||||
|
role: role.name,
|
||||||
|
policy: JSON.stringify({
|
||||||
|
Version: "2012-10-17",
|
||||||
|
Statement: [
|
||||||
{
|
{
|
||||||
Effect: "Allow",
|
Effect: "Allow",
|
||||||
Action: [
|
Action: [
|
||||||
@ -52,7 +75,7 @@ new aws.iam.RolePolicy(`${prefix}-role-policy`, {
|
|||||||
Resource: "*",
|
Resource: "*",
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
})),
|
}),
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user