private Role CreatePipelineRole() { return(IamUtil.CreateRole( "WakerUpperPipeline", "codepipeline.amazonaws.com", "arn:aws:iam::aws:policy/AdministratorAccess")); }
private Role CreateCloudFormationRole() { return(IamUtil.CreateRole( "WakerUpperCloudFormation", "cloudformation.amazonaws.com", "arn:aws:iam::aws:policy/AdministratorAccess")); }
private Role CreateBuildRole() { Role role = IamUtil.CreateRole( "WakerUpperBuild", "codebuild.amazonaws.com", "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess"); // add permissions not covered by the managed policies Output <GetPolicyDocumentResult> policyDocument = Output.Create(GetPolicyDocument.InvokeAsync(new GetPolicyDocumentArgs { Statements = { new GetPolicyDocumentStatementArgs { Resources ={ "*" }, Actions = { "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject", }, } } })); RolePolicy policy = new RolePolicy("WakerUpperBuilder", new RolePolicyArgs { Role = role.Id, Policy = policyDocument.Apply(p => p.Json), }); return(role); }