From 30538b5d6f695fee7d70390be413fc4e6f9d713d Mon Sep 17 00:00:00 2001
From: Casey Lee
Date: Thu, 5 Apr 2018 08:32:32 -0700
Subject: [PATCH] update to leverage new SAM policies
---
 README.md | 44 --------------------------------------------
 template-sar.yml | 16 ++--------------
 template.yml | 16 ++--------------
 3 files changed, 4 insertions(+), 72 deletions(-)
diff --git a/README.md b/README.md
index 7c1433c..13dc5bb 100644
--- a/README.md
+++ b/README.md
@@ -47,50 +47,6 @@ The list of pipelines in the dashboard cannot be generated dyanmically so anothe
 ![Success 2](docs/pipeline-dashboard-success-2.png)
 *Fig.2 - Pipelines in parallel*
-# IAM polices ([Serverless Application Repository](https://serverlessrepo.aws.amazon.com/applications))
-You will need to manually apply the following inline policies to your IAM roles due to a limitation in the SAM policy templates. For the EventHandler IAM role (named something like *aws-serverless-repository-PipelineDashboardEventHa...*), add the following inline policy using these steps:
-
-1. Go to [IAM Roles](https://console.aws.amazon.com/iam/home?region=us-east-1#/roles/)
-1. Select the IAM role name
-1. Click **Add inline policy**
-1. Click the **JSON** tab and paste the content below:
-1. Click though the remaining steps to name and save the IAM policy
-
-```
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "codepipeline:ListPipelineExecutions"
- ],
- "Resource": "*"
- }
- ]
-}
-```
-
-For the dashboard generator IAM role (named something like *aws-serverless-repository-PipelineDashboardGenerat...*), add the following inline policy (using the same steps as described above):
-
-```
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "cloudwatch:ListMetrics",
- "cloudwatch:GetDashboard",
- "cloudwatch:PutDashboard"
- ],
- "Resource": "*"
- }
- ]
-}
-```
-
-
 # Development
diff --git a/template-sar.yml b/template-sar.yml
index 595ba1b..de02c1e 100644
--- a/template-sar.yml
+++ b/template-sar.yml
@@ -22,12 +22,7 @@ Resources:
 - "CodePipeline Action Execution State Change"
 Policies:
 - CloudWatchPutMetricPolicy: {}
-# - Version: '2012-10-17'
-# Statement:
-# - Effect: Allow
-# Resource: '*'
-# Action:
-# - codepipeline:ListPipelineExecutions
+ - CodePipelineReadOnlyPolicy: {}
 PipelineDashboardGenerator:
 Type: 'AWS::Serverless::Function'
 Properties:
@@ -42,11 +37,4 @@ Resources:
 Properties:
 Schedule: "cron(*/5 * * * ? *)"
 Policies:
-# - Version: '2012-10-17'
-# Statement:
-# - Effect: Allow
-# Resource: '*'
-# Action:
-# - cloudwatch:ListMetrics
-# - cloudwatch:GetDashboard
-# - cloudwatch:PutDashboard
+ - CloudWatchDashboardPolicy: {}
diff --git a/template.yml b/template.yml
index 16d6f76..aa6c357 100644
--- a/template.yml
+++ b/template.yml
@@ -22,12 +22,7 @@ Resources:
 - "CodePipeline Action Execution State Change"
 Policies:
 - CloudWatchPutMetricPolicy: {}
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Resource: '*'
- Action:
- - codepipeline:ListPipelineExecutions
+ - CodePipelineReadOnlyPolicy: {}
 PipelineDashboardGenerator:
 Type: 'AWS::Serverless::Function'
 Properties:
@@ -42,11 +37,4 @@ Resources:
 Properties:
 Schedule: "cron(*/5 * * * ? *)"
 Policies:
- - Version: '2012-10-17'
- Statement:
- - Effect: Allow
- Resource: '*'
- Action:
- - cloudwatch:ListMetrics
- - cloudwatch:GetDashboard
- - cloudwatch:PutDashboard
+ - CloudWatchDashboardPolicy: {}
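Review bot: In the first hunk of template-sar.yml (`@@ -22,12 +22,7 @@`, and identically in the first hunk of template.yml), `- CodePipelineReadOnlyPolicy: {}` passes an empty parameter map, but as far as I know this SAM policy template takes a `PipelineName` parameter and scopes `codepipeline:ListPipelineExecutions` to that pipeline's ARN. The statement it replaces granted the action on `Resource: '*'`, so the scope the event handler needs should be stated explicitly: `- CodePipelineReadOnlyPolicy:` with `PipelineName: '*'` nested under it, and a comment such as `# wildcard: the handler lists executions for every pipeline in the account`. It is worth checking the rendered role after a deploy, because the README's manual inline-policy instructions are deleted in the same commit and nothing else would restore the permission. The function resource this `Policies` list belongs to starts outside the hunk.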
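Review bot: `- CloudWatchDashboardPolicy: {}` in the second hunk of template-sar.yml (`@@ -42,11 +37,4 @@`, same line in template.yml) leaves the generator able to write any dashboard in the account, as the `Resource: '*'` statement it replaces did; to my knowledge the template takes no parameters, so it cannot be narrowed to the one dashboard this function maintains. A comment above the line would record that for the next reader, e.g. `# SAM policy template: dashboard read/write on all dashboards, no per-dashboard scoping`. template.yml kept a live inline statement before this commit, so there an inline policy restricted to the dashboard's ARN would be the tighter choice if the dashboard name is fixed; the function code is not visible here to confirm that. The `Policies` list sits at the end of a resource whose definition begins outside the hunk.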