صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
akillibulut
/
porter
mirrorاز https://github.com/porter-dev/porter
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
شاخه: master
شاخه‌ها تگ‌ها
porter
/
zarf
/
cloudformation-policy.json

cloudformation-policy.json 2.5 KB
لینک دائمی تاريخچه خام

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. {
    2. 

  2.   "AWSTemplateFormatVersion": "2010-09-09",
    3. 

  3.   "Resources": {
    4. 

  4.       "PorterRole": {
    5. 

  5.           "Type": "AWS::IAM::Role",
    6. 

  6.           "Properties": {
    7. 

  7.               "AssumeRolePolicyDocument": {
    8. 

  8.                   "Version": "2012-10-17",
    9. 

  9.                   "Statement": [
    10. 

  10.                       {
    11. 

  11.                           "Effect": "Allow",
    12. 

  12.                           "Principal": {
    13. 

  13.                               "AWS": [
    14. 

  14.                                   "arn:aws:iam::108458755588:role/CAPIManagement"
    15. 

  15.                               ]
    16. 

  16.                           },
    17. 

  17.                           "Condition": {
    18. 

  18.                               "StringEquals": {
    19. 

  19.                                   "sts:ExternalId": {
    20. 

  20.                                       "Ref": "ExternalIdParameter"
    21. 

  21.                                   }
    22. 

  22.                               }   
    23. 

  23.                           },
    24. 

  24.                           "Action": [
    25. 

  25.                               "sts:AssumeRole"
    26. 

  26.                           ]
    27. 

  27.                       },
    28. 

  28.                       {
    29. 

  29.                           "Effect": "Allow",
    30. 

  30.                           "Principal": {
    31. 

  31.                               "Service": [
    32. 

  32.                                   "ec2.amazonaws.com"
    33. 

  33.                               ]
    34. 

  34.                           },
    35. 

  35.                           "Action": [
    36. 

  36.                               "sts:AssumeRole"
    37. 

  37.                           ]
    38. 

  38.                       },
    39. 

  39.                       {
    40. 

  40.                           "Effect": "Allow",
    41. 

  41.                           "Principal": {
    42. 

  42.                               "Service": [
    43. 

  43.                                   "eks.amazonaws.com"
    44. 

  44.                               ]
    45. 

  45.                           },
    46. 

  46.                           "Action": [
    47. 

  47.                               "sts:AssumeRole"
    48. 

  48.                           ]
    49. 

  49.                       }
    50. 

  50.                   ]
    51. 

  51.               },
    52. 

  52.               "Path": "/",
    53. 

  53.               "ManagedPolicyArns": [
    54. 

  54.                   "arn:aws:iam::aws:policy/AdministratorAccess",
    55. 

  55.                   "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
    56. 

  56.                   "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    57. 

  57.                   "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    58. 

  58.                   "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
    59. 

  59.               ],
    60. 

  60.               "RoleName": "PorterRole"
    61. 

  61.           }
    62. 

  62.       }
    63. 

  63.   },
    64. 

  64.   "Parameters": {
    65. 

  65.       "ExternalIdParameter": {
    66. 

  66.           "Type" : "String",
    67. 

  67.           "Description": "External ID required for CAPIManagement role to access target ARN."
    68. 

  68.       }
    69. 

  69.   }
    70. 

  70. }
    71.