tests/bootstrap.template from binoculars/aws-cloudformation-cognito-identity-pool

tests/bootstrap.template
Summary

Maintainability

Test Coverage

Issues
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Bootstrap template for creating a continuous integration user and permissions",
    "Resources": {
        "Bucket": {
            "Type": "AWS::S3::Bucket"
        },
        "CognitoRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Federated": "cognito-identity.amazonaws.com"
                            },
                            "Action": "sts:AssumeRoleWithWebIdentity",
                            "Condition": {
                                "StringEquals": {
                                    "cognito-identity.amazonaws.com:aud": ""
                                },
                                "ForAnyValue:StringLike": {
                                    "cognito-identity.amazonaws.com:amr": "authenticated"
                                }
                            }
                        }
                    ]
                }
            }
        },
        "CIPolicy": {
            "Type": "AWS::IAM::ManagedPolicy",
            "Properties": {
                "Description": "Policy for the CI User",
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": [
                                "s3:DeleteObject",
                                "s3:GetObject",
                                "s3:PutObject"
                            ],
                            "Resource": {
                                "Fn::Join": [
                                    "",
                                    [
                                        "arn:aws:s3:::",
                                        {
                                            "Ref": "Bucket"
                                        },
                                        "/*"
                                    ]
                                ]
                            }
                        },
                        {
                            "Effect": "Allow",
                            "Action": [
                                "cognito-identity:CreateIdentityPool",
                                "cognito-identity:DeleteIdentityPool",
                                "cognito-identity:SetIdentityPoolRoles",
                                "cognito-identity:UpdateIdentityPool"
                            ],
                            "Resource": {
                                "Fn::Join": [
                                    "",
                                    [
                                        "arn:aws:cognito-identity:",
                                        {
                                            "Ref": "AWS::Region"
                                        },
                                        ":",
                                        {
                                            "Ref": "AWS::AccountId"
                                        },
                                        ":identitypool/*"
                                    ]
                                ]
                            }
                        },
                        {
                            "Effect": "Allow",
                            "Action": [
                                "iam:PassRole"
                            ],
                            "Resource": {
                                "Fn::GetAtt": [
                                    "CognitoRole",
                                    "Arn"
                                ]
                            }
                        }
                    ]
                }
            }
        },
        "CIUser": {
            "Type": "AWS::IAM::User",
            "DependsOn": [
                "CIPolicy"
            ],
            "Properties": {
                "Path": "/ci/",
                "ManagedPolicyArns": [
                    {
                        "Ref": "CIPolicy"
                    }
                ]
            }
        },
        "CIUserAccessKey": {
            "Type": "AWS::IAM::AccessKey",
            "DependsOn": [
                "CIUser"
            ],
            "Properties": {
                "UserName": {
                    "Ref": "CIUser"
                }
            }
        }
    },
    "Outputs": {
        "CIUserAccessKey": {
            "Value": {
                "Ref": "CIUserAccessKey"
            }
        },
        "CIUserSecretKey": {
            "Value": {
                "Fn::GetAtt": [
                    "CIUserAccessKey",
                    "SecretAccessKey"
                ]
            }
        },
        "CIRegion": {
            "Value": {
                "Ref": "AWS::Region"
            }
        },
        "Bucket": {
            "Value": {
                "Ref": "Bucket"
            }
        },
        "CognitoRole": {
            "Value": {
                "Fn::GetAtt": [
                    "CognitoRole",
                    "Arn"
                ]
            }
        }
    }
}