fix(codedeploy): grant the CodeCommit source Action read-write permis…
…sions to the Pipeline's Bucket.

Fixes aws#3170
skinny85 committed Jul 2, 2019
1 parent cd1b16f commit 6c271ea
Showing 7 changed files with 68 additions and 26 deletions.
Expand Up @@ -91,7 +91,7 @@ export class CodeCommitSourceAction extends Action {

// the Action will write the contents of the Git repository to the Bucket,
// so its Role needs write permissions to the Pipeline Bucket
options.bucket.grantWrite(options.role);
options.bucket.grantReadWrite(options.role);

// https://docs.aws.amazon.com/codecommit/latest/userguide/auth-and-access-control-permissions-reference.html#aa-acp
options.role.addToPolicy(new iam.PolicyStatement({
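Review bot: The comment just above the changed call still says the Role "needs write permissions to the Pipeline Bucket", while the new line is `options.bucket.grantReadWrite(options.role);`, so the comment is stale and gives no reason for the added read access. Judging by the updated templates later on this page, the widening is not small: the affected policies gain `s3:GetObject*`, `s3:GetBucket*` and `s3:List*`, and `kms:Decrypt` / `kms:DescribeKey` appear alongside the existing key actions. I would record the reason next to the call so that a later least-privilege review neither narrows it back by mistake nor accepts it unexamined, e.g. change the second comment line to `// so its Role needs read-write permissions to the Pipeline Bucket (read access: see aws#3170)`. The enclosing method starts and ends outside this hunk.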
Expand Up @@ -69,6 +69,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -448,6 +450,9 @@
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
Expand Down Expand Up @@ -478,6 +483,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -810,4 +817,4 @@
}
}
}
}
}
Expand Up @@ -62,6 +62,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand All @@ -79,6 +81,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -567,6 +571,9 @@
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
Expand Down Expand Up @@ -597,6 +604,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -675,6 +684,9 @@
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
Expand Down Expand Up @@ -705,6 +717,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -1610,4 +1624,4 @@
}
}
}
}
}
Expand Up @@ -158,9 +158,25 @@
},
{
"Action": [
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:UploadArchive",
"codecommit:GetUploadArchiveStatus",
"codecommit:CancelUploadArchive"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"MyRepoF4F48043",
"Arn"
]
}
},
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*"
],
"Effect": "Allow",
"Resource": [
Expand Down Expand Up @@ -188,25 +204,9 @@
},
{
"Action": [
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:UploadArchive",
"codecommit:GetUploadArchiveStatus",
"codecommit:CancelUploadArchive"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"MyRepoF4F48043",
"Arn"
]
}
},
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*"
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
],
"Effect": "Allow",
"Resource": [
Expand Down Expand Up @@ -650,4 +650,4 @@
}
}
}
}
}
Expand Up @@ -284,6 +284,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -654,6 +656,9 @@
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
Expand Down Expand Up @@ -684,6 +689,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Up @@ -134,6 +134,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -419,6 +421,9 @@
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
Expand Down Expand Up @@ -449,6 +454,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Up @@ -62,6 +62,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
Expand Down Expand Up @@ -379,6 +381,9 @@
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
Expand Down Expand Up @@ -409,6 +414,8 @@
},
{
"Action": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"