codecommit-httpscreds-cloudformation/00_shared-infrastructure.yaml at master · simonmackinnon/codecommit-httpscreds-cloudformation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'A template with a Mapping to allow it to be run in a number of regions.'
Parameters:
  groupname:
    Type: String
    Default: ""
    Description: Name for the CodeCommit IAM group
Resources:
  S3LambdaBucket:
    DeletionPolicy: Delete
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        ErrorDocument: index.html
        IndexDocument: index.html
  BucketPolicyLambda:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref S3LambdaBucket
      PolicyDocument:
        Statement:
          -
            Sid: "ABC123"
            Action:
              - "s3:GetObject"
            Effect: Allow
            Resource: !Join ["", ["arn:aws:s3:::", !Ref S3LambdaBucket, "/*"]]
            Principal:
              AWS:
                - "*"
  iamGroup:
    Type: AWS::IAM::Group
    Properties:
      GroupName: !Ref groupname
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess
Outputs:
  lambdabucket:
    Description: Shared Infrastructure Lambda Bucket
    Value: !Ref S3LambdaBucket
    Export: # added to export
      Name: sharedinf-lambdabucketname
  codecommitgroup:
    Description: Shared Infrastructure IAM Group for Code Commit User
    Value: !Ref iamGroup
    Export: # added to export
      Name: sharedinf-codecommitgroup