diff options
| author | Tobrun <tobrun.van.nuland@gmail.com> | 2018-11-08 16:40:39 +0100 |
|---|---|---|
| committer | Tobrun <tobrun@mapbox.com> | 2018-11-08 18:49:33 +0100 |
| commit | 30cec1b844a59449efb42da22598b7b04e7a8a3c (patch) | |
| tree | 126963d19ca53e59dcbbd3783e6a87ae345725f8 /ci.template | |
| parent | 86d2e928f200613da4232e7a53070c35a5848f02 (diff) | |
[all] - move cloudformation to be mbxcli compatible
Diffstat (limited to 'ci.template')
| -rw-r--r-- | ci.template | 317 |
1 files changed, 317 insertions, 0 deletions
diff --git a/ci.template b/ci.template new file mode 100644 index 000000000..db4e59eb7 --- /dev/null +++ b/ci.template @@ -0,0 +1,317 @@ + +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "mapbox-gl-native travis resources", + "Resources": { + "BuildUser": { + "Type": "AWS::IAM::User", + "Properties": { + "Policies": [ + { + "PolicyName": "list-testing", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox" + ], + "Condition": { + "StringLike": { + "s3:prefix": "mapbox-gl-native/*" + } + } + } + ] + } + }, + { + "PolicyName": "build-testing", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/*" + ] + } + ] + } + }, + { + "PolicyName": "list-node", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::mapbox-node-binary" + ], + "Effect": "Allow" + } + ] + } + }, + { + "PolicyName": "build-node", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Resource": [ + "arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*" + ], + "Effect": "Allow" + } + ] + } + }, + { + "PolicyName": "android", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeInstances", + "ec2:RunInstances", + "ec2:CreateTags", + "ec2:GetConsoleOutput" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": { + "Fn::GetAtt": [ + "AndroidRole", + "Arn" + ] + } + } + ] + } + }, + { + "PolicyName": "cloudwatch-metrics", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "cloudwatch:PutMetricData", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ] + } + }, + { + "PolicyName": "get-signing-key", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg" + ] + } + ] + } + }, + { + "PolicyName": "publish-metrics", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/metrics/*" + ] + } + ] + } + }, + { + "PolicyName": "cloudwatch-metrics", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "cloudwatch:PutMetricData", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ] + } + }, + { + "PolicyName": "publish-nightlies", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*" + ] + } + ] + } + } + ] + } + }, + "BuildUserKey": { + "Type": "AWS::IAM::AccessKey", + "Properties": { + "UserName": { + "Ref": "BuildUser" + } + } + }, + "AndroidRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "ec2.amazonaws.com" + ] + }, + "Action": [ + "sts:AssumeRole" + ] + } + ] + }, + "Policies": [ + { + "PolicyName": "android-testing", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:PutObject" + ], + "Resource": [ + "arn:aws:s3:::mapbox-gl-testing/android/*" + ] + } + ] + } + }, + { + "PolicyName": "android", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:PutObject" + ], + "Resource": [ + "arn:aws:s3:::mapbox/mapbox-gl-native/android/build/*" + ] + } + ] + } + } + ], + "Path": "/android-gl-build/travis/role/" + } + }, + "AndroidInstanceProfile": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "AndroidRole" + } + ], + "Path": "/android-gl-build/travis/instance-profile/" + } + } + }, + "Outputs": { + "AccessKeyId": { + "Value": { + "Ref": "BuildUserKey" + } + }, + "SecretAccessKey": { + "Value": { + "Fn::GetAtt": [ + "BuildUserKey", + "SecretAccessKey" + ] + } + }, + "AndroidInstanceProfile": { + "Value": { + "Fn::GetAtt": [ + "AndroidInstanceProfile", + "Arn" + ] + } + }, + "AndroidRole": { + "Value": { + "Fn::GetAtt": [ + "AndroidRole", + "Arn" + ] + } + } + } +} |