
Commit

Merge pull request #62 from kwong-chong-lfs/patch-1
Adding permissions boundary
moskyb authored Jun 7, 2022
2 parents 2b25bd2 + dafc154 commit 905eb39
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions template.yaml
Expand Up @@ -59,12 +59,19 @@ Parameters:
- "true"
- "false"
Default: "true"

RolePermissionsBoundaryARN:
Type: String
Description: The ARN of the policy used to set the permissions boundary for the role.
Default: ""

Conditions:
CreateRole:
!Equals [ !Ref AutoscalingLambdaExecutionRole, '' ]
UseKmsKeyForParameterStore:
!Not [ !Equals [ !Ref BuildkiteAgentTokenParameterStoreKMSKey, "" ] ]
SetRolePermissionsBoundaryARN:
!Not [ !Equals [ !Ref RolePermissionsBoundaryARN, "" ] ]

Mappings:
LambdaBucket:
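Review bot: the new RolePermissionsBoundaryARN parameter accepts any string, so a mistyped ARN is only caught when IAM rejects the role at deploy time; add an AllowedPattern that admits either the empty default or an IAM policy ARN, for example `AllowedPattern: '^(arn:aws[a-zA-Z-]*:iam::[0-9]{12}:policy/.+)?$'`, and say in the Description that an empty value means no boundary is attached. The SetRolePermissionsBoundaryARN condition itself follows the same !Not/!Equals shape as UseKmsKeyForParameterStore, which reads fine.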
Expand Down Expand Up @@ -95,6 +102,7 @@ Resources:
Condition: CreateRole
Properties:
Path: "/"
PermissionsBoundary: !If [ SetRolePermissionsBoundaryARN, !Ref RolePermissionsBoundaryARN, !Ref "AWS::NoValue" ]
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
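Review bot: this role sits under `Condition: CreateRole`, so the boundary is attached only when the stack creates the role itself; when a caller passes AutoscalingLambdaExecutionRole, RolePermissionsBoundaryARN is silently ignored for that role. State this in the parameter Description, or add a Rules entry that rejects supplying both parameters, so operators do not assume a boundary is enforced on an externally provided role.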
Expand Down Expand Up @@ -148,6 +156,7 @@ Resources:
Properties:
CodeUri: handler.zip
Role: !If [ CreateRole, !GetAtt ExecutionRole.Arn, !Ref AutoscalingLambdaExecutionRole ]
PermissionsBoundary: !If [ SetRolePermissionsBoundaryARN, !Ref RolePermissionsBoundaryARN, !Ref "AWS::NoValue" ]
Timeout: 120
Handler: handler
Runtime: go1.x
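Review bot: PermissionsBoundary on a SAM function (this resource uses CodeUri, so it appears to be AWS::Serverless::Function) only applies to the execution role SAM generates when Role is omitted; here Role is always set, either to !GetAtt ExecutionRole.Arn or to the AutoscalingLambdaExecutionRole parameter, so this line has no effect. Either drop it or add a comment that the boundary is enforced through the ExecutionRole resource, so a later reader does not take this property as the enforcement point.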

0 comments on commit 905eb39