Role DSL
Pipe Dream can create the IAM service role associated with the pipeline. Here’s an example:
.pipedream/role.rb:
iam_policy("logs", "ssm")
For more control, here’s a longer form:
iam_policy(
action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ssm:*",
],
effect: "Allow",
resource: "*"
)
You can also create managed IAM policy.
managed_iam_policy("AmazonS3ReadOnlyAccess")
You can also add multiple managed IAM policies:
managed_iam_policy("AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess")
Full DSL
The convenience methods merely wrap properties of the AWS::IAM::Role CloudFormation Resource. If you wanted to set the CloudFormation properties more directly, here’s an example of using the “Full” DSL.
.pipedream/role.rb:
assume_role_policy_document(
statement: [{
action: ["sts:AssumeRole"],
effect: "Allow",
principal: {
service: ["codepipeline.amazonaws.com"]
}
}],
version: "2012-10-17"
)
path("/")
policies([{
policy_name: "CodeBuildAccess",
policy_document: {
version: "2012-10-17",
statement: [{
action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
effect: "Allow",
resource: "*"
}]
}
}])
Pro tip: Use the <- and -> arrow keys to move back and forward.
Edit this page
See a typo or an error? You can improve this page. This website is available on GitHub, and contributions are encouraged and welcomed. We love pull requests from you!
- Suggest an edit to this page (here's the contributing guide).
- Open an issue about this page to report a problem.