tests/bootstrap.template
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Bootstrap template for creating a continuous integration user and permissions",
"Resources": {
"Bucket": {
"Type": "AWS::S3::Bucket"
},
"CognitoRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": ""
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated"
}
}
}
]
}
}
},
"CIPolicy": {
"Type": "AWS::IAM::ManagedPolicy",
"Properties": {
"Description": "Policy for the CI User",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "Bucket"
},
"/*"
]
]
}
},
{
"Effect": "Allow",
"Action": [
"cognito-identity:CreateIdentityPool",
"cognito-identity:DeleteIdentityPool",
"cognito-identity:SetIdentityPoolRoles",
"cognito-identity:UpdateIdentityPool"
],
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:cognito-identity:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":identitypool/*"
]
]
}
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": {
"Fn::GetAtt": [
"CognitoRole",
"Arn"
]
}
}
]
}
}
},
"CIUser": {
"Type": "AWS::IAM::User",
"DependsOn": [
"CIPolicy"
],
"Properties": {
"Path": "/ci/",
"ManagedPolicyArns": [
{
"Ref": "CIPolicy"
}
]
}
},
"CIUserAccessKey": {
"Type": "AWS::IAM::AccessKey",
"DependsOn": [
"CIUser"
],
"Properties": {
"UserName": {
"Ref": "CIUser"
}
}
}
},
"Outputs": {
"CIUserAccessKey": {
"Value": {
"Ref": "CIUserAccessKey"
}
},
"CIUserSecretKey": {
"Value": {
"Fn::GetAtt": [
"CIUserAccessKey",
"SecretAccessKey"
]
}
},
"CIRegion": {
"Value": {
"Ref": "AWS::Region"
}
},
"Bucket": {
"Value": {
"Ref": "Bucket"
}
},
"CognitoRole": {
"Value": {
"Fn::GetAtt": [
"CognitoRole",
"Arn"
]
}
}
}
}