layla/defend-together
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2023-04-11. You can view files and clone it, but cannot push or open issues or pull requests.
bc66b14208
defend-together/infrastructure/cloudformation/dt/iam.yaml

53 lines
1.5 KiB
YAML
Raw Normal View History

Create infrastructure to call lambda
2020-05-14 10:39:51 +02:00
AWSTemplateFormatVersion: "2010-09-09"
Description: DT IAM stack
Parameters:
#------------------------
# Deployment Information
#------------------------
environment:
Type: String
Description: Name of the environment
Default: production
Resources:
DefaultLambdaRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: LambdaLogging
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: "*"
Give ec2 network permissions
2020-05-14 11:25:59 +02:00
- PolicyName: AttachToVpc
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ec2:CreateNetworkInterface
- ec2:DescribeNetworkInterfaces
- ec2:DeleteNetworkInterface
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeVpcs
Resource: "*"
Create infrastructure to call lambda
2020-05-14 10:39:51 +02:00
Outputs:
DefaultRole:
Description: Default lambda role with logging policy
IAM arn
2020-05-14 11:18:53 +02:00
Value: !GetAtt DefaultLambdaRole.Arn
Reference in New Issue Copy Permalink