· 4 years ago · Apr 04, 2021, 03:12 PM
1
2> cra-serverless@0.1.0 cdk
3> cdk "synth" "plants-pipeline"
4
5Resources:
6 Files8E6940B8:
7 Type: AWS::S3::Bucket
8 Properties:
9 WebsiteConfiguration:
10 IndexDocument: index.html
11 UpdateReplacePolicy: Retain
12 DeletionPolicy: Retain
13 Metadata:
14 aws:cdk:path: plants-pipeline/Files/Resource
15 FilesPolicyCFAB4773:
16 Type: AWS::S3::BucketPolicy
17 Properties:
18 Bucket:
19 Ref: Files8E6940B8
20 PolicyDocument:
21 Statement:
22 - Action: s3:GetObject
23 Effect: Allow
24 Principal: "*"
25 Resource:
26 Fn::Join:
27 - ""
28 - - Fn::GetAtt:
29 - Files8E6940B8
30 - Arn
31 - /*
32 Version: "2012-10-17"
33 Metadata:
34 aws:cdk:path: plants-pipeline/Files/Policy/Resource
35 SSMBucketAssetsName2DD49BDD:
36 Type: AWS::SSM::Parameter
37 Properties:
38 Type: String
39 Value:
40 Ref: Files8E6940B8
41 Description: S3 Bucket Name for Assets
42 Name: /plants/S3/Assets/Name
43 Metadata:
44 aws:cdk:path: plants-pipeline/SSMBucketAssetsName/Resource
45 SSMBucketAssetsDomainName32D1134E:
46 Type: AWS::SSM::Parameter
47 Properties:
48 Type: String
49 Value:
50 Fn::GetAtt:
51 - Files8E6940B8
52 - DomainName
53 Description: S3 Bucket DomainName for Assets
54 Name: /plants/S3/Assets/DomainName
55 Metadata:
56 aws:cdk:path: plants-pipeline/SSMBucketAssetsDomainName/Resource
57 PipelineArtifactsBucketEncryptionKey01D58D69:
58 Type: AWS::KMS::Key
59 Properties:
60 KeyPolicy:
61 Statement:
62 - Action:
63 - kms:Create*
64 - kms:Describe*
65 - kms:Enable*
66 - kms:List*
67 - kms:Put*
68 - kms:Update*
69 - kms:Revoke*
70 - kms:Disable*
71 - kms:Get*
72 - kms:Delete*
73 - kms:ScheduleKeyDeletion
74 - kms:CancelKeyDeletion
75 - kms:GenerateDataKey
76 - kms:TagResource
77 - kms:UntagResource
78 Effect: Allow
79 Principal:
80 AWS:
81 Fn::Join:
82 - ""
83 - - "arn:"
84 - Ref: AWS::Partition
85 - :iam::413025517373:root
86 Resource: "*"
87 - Action:
88 - kms:Decrypt
89 - kms:DescribeKey
90 - kms:Encrypt
91 - kms:ReEncrypt*
92 - kms:GenerateDataKey*
93 Effect: Allow
94 Principal:
95 AWS:
96 Fn::GetAtt:
97 - PipelineRoleD68726F7
98 - Arn
99 Resource: "*"
100 - Action:
101 - kms:Decrypt
102 - kms:DescribeKey
103 - kms:Encrypt
104 - kms:ReEncrypt*
105 - kms:GenerateDataKey*
106 Effect: Allow
107 Principal:
108 AWS:
109 Fn::GetAtt:
110 - BuildRole41B77417
111 - Arn
112 Resource: "*"
113 - Action:
114 - kms:Decrypt
115 - kms:Encrypt
116 - kms:ReEncrypt*
117 - kms:GenerateDataKey*
118 Effect: Allow
119 Principal:
120 AWS:
121 Fn::GetAtt:
122 - BuildRole41B77417
123 - Arn
124 Resource: "*"
125 - Action:
126 - kms:Decrypt
127 - kms:DescribeKey
128 - kms:Encrypt
129 - kms:ReEncrypt*
130 - kms:GenerateDataKey*
131 Effect: Allow
132 Principal:
133 AWS:
134 Fn::GetAtt:
135 - BuildAssetsRole6BD3461F
136 - Arn
137 Resource: "*"
138 - Action:
139 - kms:Decrypt
140 - kms:Encrypt
141 - kms:ReEncrypt*
142 - kms:GenerateDataKey*
143 Effect: Allow
144 Principal:
145 AWS:
146 Fn::GetAtt:
147 - BuildAssetsRole6BD3461F
148 - Arn
149 Resource: "*"
150 - Action:
151 - kms:Decrypt
152 - kms:DescribeKey
153 - kms:Encrypt
154 - kms:ReEncrypt*
155 - kms:GenerateDataKey*
156 Effect: Allow
157 Principal:
158 AWS:
159 Fn::GetAtt:
160 - BuildRenderRole2A1E7242
161 - Arn
162 Resource: "*"
163 - Action:
164 - kms:Decrypt
165 - kms:Encrypt
166 - kms:ReEncrypt*
167 - kms:GenerateDataKey*
168 Effect: Allow
169 Principal:
170 AWS:
171 Fn::GetAtt:
172 - BuildRenderRole2A1E7242
173 - Arn
174 Resource: "*"
175 - Action:
176 - kms:Decrypt
177 - kms:DescribeKey
178 Effect: Allow
179 Principal:
180 AWS:
181 Fn::GetAtt:
182 - PipelineDeployAssetsCodePipelineActionRole381C6B27
183 - Arn
184 Resource: "*"
185 - Action:
186 - kms:Decrypt
187 - kms:DescribeKey
188 Effect: Allow
189 Principal:
190 AWS:
191 Fn::GetAtt:
192 - PipelineDeployRenderRole71D39ECE
193 - Arn
194 Resource: "*"
195 - Action:
196 - kms:Decrypt
197 - kms:DescribeKey
198 Effect: Allow
199 Principal:
200 AWS:
201 Fn::GetAtt:
202 - PipelineDeployRenderCodePipelineActionRole7376DCF7
203 - Arn
204 Resource: "*"
205 - Action:
206 - kms:Decrypt
207 - kms:DescribeKey
208 Effect: Allow
209 Principal:
210 AWS:
211 Fn::GetAtt:
212 - PipelineDeployDomainRole8B4F5D16
213 - Arn
214 Resource: "*"
215 - Action:
216 - kms:Decrypt
217 - kms:DescribeKey
218 Effect: Allow
219 Principal:
220 AWS:
221 Fn::GetAtt:
222 - PipelineDeployDomainCodePipelineActionRole2C3BA570
223 - Arn
224 Resource: "*"
225 - Action:
226 - kms:Decrypt
227 - kms:DescribeKey
228 Effect: Allow
229 Principal:
230 AWS:
231 Fn::GetAtt:
232 - ReleaseCDNRole92836511
233 - Arn
234 Resource: "*"
235 - Action:
236 - kms:Decrypt
237 - kms:Encrypt
238 - kms:ReEncrypt*
239 - kms:GenerateDataKey*
240 Effect: Allow
241 Principal:
242 AWS:
243 Fn::GetAtt:
244 - ReleaseCDNRole92836511
245 - Arn
246 Resource: "*"
247 Version: "2012-10-17"
248 UpdateReplacePolicy: Delete
249 DeletionPolicy: Delete
250 Metadata:
251 aws:cdk:path: plants-pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource
252 PipelineArtifactsBucketEncryptionKeyAlias5C510EEE:
253 Type: AWS::KMS::Alias
254 Properties:
255 AliasName: alias/codepipeline-plantspipelinepipeline85a39223
256 TargetKeyId:
257 Fn::GetAtt:
258 - PipelineArtifactsBucketEncryptionKey01D58D69
259 - Arn
260 UpdateReplacePolicy: Delete
261 DeletionPolicy: Delete
262 Metadata:
263 aws:cdk:path: plants-pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource
264 PipelineArtifactsBucket22248F97:
265 Type: AWS::S3::Bucket
266 Properties:
267 BucketEncryption:
268 ServerSideEncryptionConfiguration:
269 - ServerSideEncryptionByDefault:
270 KMSMasterKeyID:
271 Fn::GetAtt:
272 - PipelineArtifactsBucketEncryptionKey01D58D69
273 - Arn
274 SSEAlgorithm: aws:kms
275 PublicAccessBlockConfiguration:
276 BlockPublicAcls: true
277 BlockPublicPolicy: true
278 IgnorePublicAcls: true
279 RestrictPublicBuckets: true
280 UpdateReplacePolicy: Retain
281 DeletionPolicy: Retain
282 Metadata:
283 aws:cdk:path: plants-pipeline/Pipeline/ArtifactsBucket/Resource
284 PipelineRoleD68726F7:
285 Type: AWS::IAM::Role
286 Properties:
287 AssumeRolePolicyDocument:
288 Statement:
289 - Action: sts:AssumeRole
290 Effect: Allow
291 Principal:
292 Service: codepipeline.amazonaws.com
293 Version: "2012-10-17"
294 Metadata:
295 aws:cdk:path: plants-pipeline/Pipeline/Role/Resource
296 PipelineRoleDefaultPolicyC7A05455:
297 Type: AWS::IAM::Policy
298 Properties:
299 PolicyDocument:
300 Statement:
301 - Action:
302 - s3:GetObject*
303 - s3:GetBucket*
304 - s3:List*
305 - s3:DeleteObject*
306 - s3:PutObject*
307 - s3:Abort*
308 Effect: Allow
309 Resource:
310 - Fn::GetAtt:
311 - PipelineArtifactsBucket22248F97
312 - Arn
313 - Fn::Join:
314 - ""
315 - - Fn::GetAtt:
316 - PipelineArtifactsBucket22248F97
317 - Arn
318 - /*
319 - Action:
320 - kms:Decrypt
321 - kms:DescribeKey
322 - kms:Encrypt
323 - kms:ReEncrypt*
324 - kms:GenerateDataKey*
325 Effect: Allow
326 Resource:
327 Fn::GetAtt:
328 - PipelineArtifactsBucketEncryptionKey01D58D69
329 - Arn
330 - Action: sts:AssumeRole
331 Effect: Allow
332 Resource:
333 Fn::GetAtt:
334 - PipelineBuildCDKCodePipelineActionRoleBDF40025
335 - Arn
336 - Action: sts:AssumeRole
337 Effect: Allow
338 Resource:
339 Fn::GetAtt:
340 - PipelineBuildAssetsCodePipelineActionRole69BA6286
341 - Arn
342 - Action: sts:AssumeRole
343 Effect: Allow
344 Resource:
345 Fn::GetAtt:
346 - PipelineBuildRenderCodePipelineActionRole12F49662
347 - Arn
348 - Action: sts:AssumeRole
349 Effect: Allow
350 Resource:
351 Fn::GetAtt:
352 - PipelineDeployAssetsCodePipelineActionRole381C6B27
353 - Arn
354 - Action: sts:AssumeRole
355 Effect: Allow
356 Resource:
357 Fn::GetAtt:
358 - PipelineDeployRenderCodePipelineActionRole7376DCF7
359 - Arn
360 - Action: sts:AssumeRole
361 Effect: Allow
362 Resource:
363 Fn::GetAtt:
364 - PipelineDeployDomainCodePipelineActionRole2C3BA570
365 - Arn
366 - Action: sts:AssumeRole
367 Effect: Allow
368 Resource:
369 Fn::GetAtt:
370 - PipelineReleaseCDNCodePipelineActionRole5F4E30E4
371 - Arn
372 Version: "2012-10-17"
373 PolicyName: PipelineRoleDefaultPolicyC7A05455
374 Roles:
375 - Ref: PipelineRoleD68726F7
376 Metadata:
377 aws:cdk:path: plants-pipeline/Pipeline/Role/DefaultPolicy/Resource
378 PipelineC660917D:
379 Type: AWS::CodePipeline::Pipeline
380 Properties:
381 RoleArn:
382 Fn::GetAtt:
383 - PipelineRoleD68726F7
384 - Arn
385 Stages:
386 - Actions:
387 - ActionTypeId:
388 Category: Source
389 Owner: ThirdParty
390 Provider: GitHub
391 Version: "1"
392 Configuration:
393 Owner: felguerez
394 Repo: plants
395 Branch: master
396 OAuthToken: "{{resolve:secretsmanager:GitHubToken:SecretString:::}}"
397 PollForSourceChanges: false
398 Name: Checkout
399 OutputArtifacts:
400 - Name: sources
401 RunOrder: 1
402 Name: Sources
403 - Actions:
404 - ActionTypeId:
405 Category: Build
406 Owner: AWS
407 Provider: CodeBuild
408 Version: "1"
409 Configuration:
410 ProjectName:
411 Ref: BuildCDK09D620A6
412 InputArtifacts:
413 - Name: sources
414 Name: CDK
415 OutputArtifacts:
416 - Name: cdk
417 RoleArn:
418 Fn::GetAtt:
419 - PipelineBuildCDKCodePipelineActionRoleBDF40025
420 - Arn
421 RunOrder: 10
422 - ActionTypeId:
423 Category: Build
424 Owner: AWS
425 Provider: CodeBuild
426 Version: "1"
427 Configuration:
428 ProjectName:
429 Ref: BuildAssetsFAC86A51
430 EnvironmentVariables: '[{"name":"REACT_APP_NAME","type":"PLAINTEXT","value":"plants"}]'
431 InputArtifacts:
432 - Name: sources
433 Name: Assets
434 OutputArtifacts:
435 - Name: assets
436 RoleArn:
437 Fn::GetAtt:
438 - PipelineBuildAssetsCodePipelineActionRole69BA6286
439 - Arn
440 RunOrder: 10
441 - ActionTypeId:
442 Category: Build
443 Owner: AWS
444 Provider: CodeBuild
445 Version: "1"
446 Configuration:
447 ProjectName:
448 Ref: BuildRender6A87EF75
449 PrimarySource: sources
450 InputArtifacts:
451 - Name: sources
452 - Name: assets
453 Name: Render
454 OutputArtifacts:
455 - Name: render
456 RoleArn:
457 Fn::GetAtt:
458 - PipelineBuildRenderCodePipelineActionRole12F49662
459 - Arn
460 RunOrder: 20
461 Name: Build
462 - Actions:
463 - ActionTypeId:
464 Category: Deploy
465 Owner: AWS
466 Provider: S3
467 Version: "1"
468 Configuration:
469 BucketName:
470 Ref: Files8E6940B8
471 Extract: "true"
472 InputArtifacts:
473 - Name: assets
474 Name: Assets
475 RoleArn:
476 Fn::GetAtt:
477 - PipelineDeployAssetsCodePipelineActionRole381C6B27
478 - Arn
479 RunOrder: 10
480 - ActionTypeId:
481 Category: Deploy
482 Owner: AWS
483 Provider: CloudFormation
484 Version: "1"
485 Configuration:
486 StackName: plants-render
487 Capabilities: CAPABILITY_NAMED_IAM
488 RoleArn:
489 Fn::GetAtt:
490 - PipelineDeployRenderRole71D39ECE
491 - Arn
492 ParameterOverrides: '{"CodeBucketName":{"Fn::GetArtifactAtt":["render","BucketName"]},"CodeBucketObjectKey":{"Fn::GetArtifactAtt":["render","ObjectKey"]}}'
493 ActionMode: CREATE_UPDATE
494 TemplatePath: cdk::plants-render.template.json
495 InputArtifacts:
496 - Name: render
497 - Name: cdk
498 Name: Render
499 RoleArn:
500 Fn::GetAtt:
501 - PipelineDeployRenderCodePipelineActionRole7376DCF7
502 - Arn
503 RunOrder: 20
504 - ActionTypeId:
505 Category: Deploy
506 Owner: AWS
507 Provider: CloudFormation
508 Version: "1"
509 Configuration:
510 StackName: plants-domain
511 Capabilities: CAPABILITY_NAMED_IAM
512 RoleArn:
513 Fn::GetAtt:
514 - PipelineDeployDomainRole8B4F5D16
515 - Arn
516 ActionMode: CREATE_UPDATE
517 TemplatePath: cdk::plants-domain.template.json
518 InputArtifacts:
519 - Name: cdk
520 Name: Domain
521 RoleArn:
522 Fn::GetAtt:
523 - PipelineDeployDomainCodePipelineActionRole2C3BA570
524 - Arn
525 RunOrder: 50
526 Name: Deploy
527 - Actions:
528 - ActionTypeId:
529 Category: Build
530 Owner: AWS
531 Provider: CodeBuild
532 Version: "1"
533 Configuration:
534 ProjectName:
535 Ref: ReleaseCDN3298D932
536 InputArtifacts:
537 - Name: sources
538 Name: CDN
539 RoleArn:
540 Fn::GetAtt:
541 - PipelineReleaseCDNCodePipelineActionRole5F4E30E4
542 - Arn
543 RunOrder: 1
544 Name: Release
545 ArtifactStore:
546 EncryptionKey:
547 Id:
548 Fn::GetAtt:
549 - PipelineArtifactsBucketEncryptionKey01D58D69
550 - Arn
551 Type: KMS
552 Location:
553 Ref: PipelineArtifactsBucket22248F97
554 Type: S3
555 Name: plants
556 RestartExecutionOnUpdate: false
557 DependsOn:
558 - PipelineRoleDefaultPolicyC7A05455
559 - PipelineRoleD68726F7
560 Metadata:
561 aws:cdk:path: plants-pipeline/Pipeline/Resource
562 PipelineSourcesCheckoutWebhookResourceA7BD5933:
563 Type: AWS::CodePipeline::Webhook
564 Properties:
565 Authentication: GITHUB_HMAC
566 AuthenticationConfiguration:
567 SecretToken: "{{resolve:secretsmanager:GitHubToken:SecretString:::}}"
568 Filters:
569 - JsonPath: $.ref
570 MatchEquals: refs/heads/{Branch}
571 TargetAction: Checkout
572 TargetPipeline:
573 Ref: PipelineC660917D
574 TargetPipelineVersion: 1
575 RegisterWithThirdParty: true
576 Metadata:
577 aws:cdk:path: plants-pipeline/Pipeline/Sources/Checkout/WebhookResource
578 PipelineBuildCDKCodePipelineActionRoleBDF40025:
579 Type: AWS::IAM::Role
580 Properties:
581 AssumeRolePolicyDocument:
582 Statement:
583 - Action: sts:AssumeRole
584 Effect: Allow
585 Principal:
586 AWS:
587 Fn::Join:
588 - ""
589 - - "arn:"
590 - Ref: AWS::Partition
591 - :iam::413025517373:root
592 Version: "2012-10-17"
593 Metadata:
594 aws:cdk:path: plants-pipeline/Pipeline/Build/CDK/CodePipelineActionRole/Resource
595 PipelineBuildCDKCodePipelineActionRoleDefaultPolicyED95E4E6:
596 Type: AWS::IAM::Policy
597 Properties:
598 PolicyDocument:
599 Statement:
600 - Action:
601 - codebuild:BatchGetBuilds
602 - codebuild:StartBuild
603 - codebuild:StopBuild
604 Effect: Allow
605 Resource:
606 Fn::GetAtt:
607 - BuildCDK09D620A6
608 - Arn
609 Version: "2012-10-17"
610 PolicyName: PipelineBuildCDKCodePipelineActionRoleDefaultPolicyED95E4E6
611 Roles:
612 - Ref: PipelineBuildCDKCodePipelineActionRoleBDF40025
613 Metadata:
614 aws:cdk:path: plants-pipeline/Pipeline/Build/CDK/CodePipelineActionRole/DefaultPolicy/Resource
615 PipelineBuildAssetsCodePipelineActionRole69BA6286:
616 Type: AWS::IAM::Role
617 Properties:
618 AssumeRolePolicyDocument:
619 Statement:
620 - Action: sts:AssumeRole
621 Effect: Allow
622 Principal:
623 AWS:
624 Fn::Join:
625 - ""
626 - - "arn:"
627 - Ref: AWS::Partition
628 - :iam::413025517373:root
629 Version: "2012-10-17"
630 Metadata:
631 aws:cdk:path: plants-pipeline/Pipeline/Build/Assets/CodePipelineActionRole/Resource
632 PipelineBuildAssetsCodePipelineActionRoleDefaultPolicyB538F394:
633 Type: AWS::IAM::Policy
634 Properties:
635 PolicyDocument:
636 Statement:
637 - Action:
638 - codebuild:BatchGetBuilds
639 - codebuild:StartBuild
640 - codebuild:StopBuild
641 Effect: Allow
642 Resource:
643 Fn::GetAtt:
644 - BuildAssetsFAC86A51
645 - Arn
646 Version: "2012-10-17"
647 PolicyName: PipelineBuildAssetsCodePipelineActionRoleDefaultPolicyB538F394
648 Roles:
649 - Ref: PipelineBuildAssetsCodePipelineActionRole69BA6286
650 Metadata:
651 aws:cdk:path: plants-pipeline/Pipeline/Build/Assets/CodePipelineActionRole/DefaultPolicy/Resource
652 PipelineBuildRenderCodePipelineActionRole12F49662:
653 Type: AWS::IAM::Role
654 Properties:
655 AssumeRolePolicyDocument:
656 Statement:
657 - Action: sts:AssumeRole
658 Effect: Allow
659 Principal:
660 AWS:
661 Fn::Join:
662 - ""
663 - - "arn:"
664 - Ref: AWS::Partition
665 - :iam::413025517373:root
666 Version: "2012-10-17"
667 Metadata:
668 aws:cdk:path: plants-pipeline/Pipeline/Build/Render/CodePipelineActionRole/Resource
669 PipelineBuildRenderCodePipelineActionRoleDefaultPolicyB4B60F72:
670 Type: AWS::IAM::Policy
671 Properties:
672 PolicyDocument:
673 Statement:
674 - Action:
675 - codebuild:BatchGetBuilds
676 - codebuild:StartBuild
677 - codebuild:StopBuild
678 Effect: Allow
679 Resource:
680 Fn::GetAtt:
681 - BuildRender6A87EF75
682 - Arn
683 Version: "2012-10-17"
684 PolicyName: PipelineBuildRenderCodePipelineActionRoleDefaultPolicyB4B60F72
685 Roles:
686 - Ref: PipelineBuildRenderCodePipelineActionRole12F49662
687 Metadata:
688 aws:cdk:path: plants-pipeline/Pipeline/Build/Render/CodePipelineActionRole/DefaultPolicy/Resource
689 PipelineDeployAssetsCodePipelineActionRole381C6B27:
690 Type: AWS::IAM::Role
691 Properties:
692 AssumeRolePolicyDocument:
693 Statement:
694 - Action: sts:AssumeRole
695 Effect: Allow
696 Principal:
697 AWS:
698 Fn::Join:
699 - ""
700 - - "arn:"
701 - Ref: AWS::Partition
702 - :iam::413025517373:root
703 Version: "2012-10-17"
704 Metadata:
705 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Assets/CodePipelineActionRole/Resource
706 PipelineDeployAssetsCodePipelineActionRoleDefaultPolicy71994611:
707 Type: AWS::IAM::Policy
708 Properties:
709 PolicyDocument:
710 Statement:
711 - Action:
712 - s3:DeleteObject*
713 - s3:PutObject*
714 - s3:Abort*
715 Effect: Allow
716 Resource:
717 - Fn::GetAtt:
718 - Files8E6940B8
719 - Arn
720 - Fn::Join:
721 - ""
722 - - Fn::GetAtt:
723 - Files8E6940B8
724 - Arn
725 - /*
726 - Action:
727 - s3:GetObject*
728 - s3:GetBucket*
729 - s3:List*
730 Effect: Allow
731 Resource:
732 - Fn::GetAtt:
733 - PipelineArtifactsBucket22248F97
734 - Arn
735 - Fn::Join:
736 - ""
737 - - Fn::GetAtt:
738 - PipelineArtifactsBucket22248F97
739 - Arn
740 - /*
741 - Action:
742 - kms:Decrypt
743 - kms:DescribeKey
744 Effect: Allow
745 Resource:
746 Fn::GetAtt:
747 - PipelineArtifactsBucketEncryptionKey01D58D69
748 - Arn
749 Version: "2012-10-17"
750 PolicyName: PipelineDeployAssetsCodePipelineActionRoleDefaultPolicy71994611
751 Roles:
752 - Ref: PipelineDeployAssetsCodePipelineActionRole381C6B27
753 Metadata:
754 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Assets/CodePipelineActionRole/DefaultPolicy/Resource
755 PipelineDeployRenderCodePipelineActionRole7376DCF7:
756 Type: AWS::IAM::Role
757 Properties:
758 AssumeRolePolicyDocument:
759 Statement:
760 - Action: sts:AssumeRole
761 Effect: Allow
762 Principal:
763 AWS:
764 Fn::Join:
765 - ""
766 - - "arn:"
767 - Ref: AWS::Partition
768 - :iam::413025517373:root
769 Version: "2012-10-17"
770 Metadata:
771 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/CodePipelineActionRole/Resource
772 PipelineDeployRenderCodePipelineActionRoleDefaultPolicy80A4ED97:
773 Type: AWS::IAM::Policy
774 Properties:
775 PolicyDocument:
776 Statement:
777 - Action: iam:PassRole
778 Effect: Allow
779 Resource:
780 Fn::GetAtt:
781 - PipelineDeployRenderRole71D39ECE
782 - Arn
783 - Action:
784 - s3:GetObject*
785 - s3:GetBucket*
786 - s3:List*
787 Effect: Allow
788 Resource:
789 - Fn::GetAtt:
790 - PipelineArtifactsBucket22248F97
791 - Arn
792 - Fn::Join:
793 - ""
794 - - Fn::GetAtt:
795 - PipelineArtifactsBucket22248F97
796 - Arn
797 - /*
798 - Action:
799 - kms:Decrypt
800 - kms:DescribeKey
801 Effect: Allow
802 Resource:
803 Fn::GetAtt:
804 - PipelineArtifactsBucketEncryptionKey01D58D69
805 - Arn
806 - Action:
807 - cloudformation:CreateStack
808 - cloudformation:DescribeStack*
809 - cloudformation:GetStackPolicy
810 - cloudformation:GetTemplate*
811 - cloudformation:SetStackPolicy
812 - cloudformation:UpdateStack
813 - cloudformation:ValidateTemplate
814 Effect: Allow
815 Resource:
816 Fn::Join:
817 - ""
818 - - "arn:"
819 - Ref: AWS::Partition
820 - :cloudformation:us-east-1:413025517373:stack/plants-render/*
821 Version: "2012-10-17"
822 PolicyName: PipelineDeployRenderCodePipelineActionRoleDefaultPolicy80A4ED97
823 Roles:
824 - Ref: PipelineDeployRenderCodePipelineActionRole7376DCF7
825 Metadata:
826 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/CodePipelineActionRole/DefaultPolicy/Resource
827 PipelineDeployRenderRole71D39ECE:
828 Type: AWS::IAM::Role
829 Properties:
830 AssumeRolePolicyDocument:
831 Statement:
832 - Action: sts:AssumeRole
833 Effect: Allow
834 Principal:
835 Service: cloudformation.amazonaws.com
836 Version: "2012-10-17"
837 Metadata:
838 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/Role/Resource
839 PipelineDeployRenderRoleDefaultPolicy23C64745:
840 Type: AWS::IAM::Policy
841 Properties:
842 PolicyDocument:
843 Statement:
844 - Action:
845 - s3:GetObject*
846 - s3:GetBucket*
847 - s3:List*
848 Effect: Allow
849 Resource:
850 - Fn::GetAtt:
851 - PipelineArtifactsBucket22248F97
852 - Arn
853 - Fn::Join:
854 - ""
855 - - Fn::GetAtt:
856 - PipelineArtifactsBucket22248F97
857 - Arn
858 - /*
859 - Action:
860 - kms:Decrypt
861 - kms:DescribeKey
862 Effect: Allow
863 Resource:
864 Fn::GetAtt:
865 - PipelineArtifactsBucketEncryptionKey01D58D69
866 - Arn
867 - Action: "*"
868 Effect: Allow
869 Resource: "*"
870 Version: "2012-10-17"
871 PolicyName: PipelineDeployRenderRoleDefaultPolicy23C64745
872 Roles:
873 - Ref: PipelineDeployRenderRole71D39ECE
874 Metadata:
875 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/Role/DefaultPolicy/Resource
876 PipelineDeployDomainCodePipelineActionRole2C3BA570:
877 Type: AWS::IAM::Role
878 Properties:
879 AssumeRolePolicyDocument:
880 Statement:
881 - Action: sts:AssumeRole
882 Effect: Allow
883 Principal:
884 AWS:
885 Fn::Join:
886 - ""
887 - - "arn:"
888 - Ref: AWS::Partition
889 - :iam::413025517373:root
890 Version: "2012-10-17"
891 Metadata:
892 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/CodePipelineActionRole/Resource
893 PipelineDeployDomainCodePipelineActionRoleDefaultPolicyB8A290EA:
894 Type: AWS::IAM::Policy
895 Properties:
896 PolicyDocument:
897 Statement:
898 - Action: iam:PassRole
899 Effect: Allow
900 Resource:
901 Fn::GetAtt:
902 - PipelineDeployDomainRole8B4F5D16
903 - Arn
904 - Action:
905 - s3:GetObject*
906 - s3:GetBucket*
907 - s3:List*
908 Effect: Allow
909 Resource:
910 - Fn::GetAtt:
911 - PipelineArtifactsBucket22248F97
912 - Arn
913 - Fn::Join:
914 - ""
915 - - Fn::GetAtt:
916 - PipelineArtifactsBucket22248F97
917 - Arn
918 - /*
919 - Action:
920 - kms:Decrypt
921 - kms:DescribeKey
922 Effect: Allow
923 Resource:
924 Fn::GetAtt:
925 - PipelineArtifactsBucketEncryptionKey01D58D69
926 - Arn
927 - Action:
928 - cloudformation:CreateStack
929 - cloudformation:DescribeStack*
930 - cloudformation:GetStackPolicy
931 - cloudformation:GetTemplate*
932 - cloudformation:SetStackPolicy
933 - cloudformation:UpdateStack
934 - cloudformation:ValidateTemplate
935 Effect: Allow
936 Resource:
937 Fn::Join:
938 - ""
939 - - "arn:"
940 - Ref: AWS::Partition
941 - :cloudformation:us-east-1:413025517373:stack/plants-domain/*
942 Version: "2012-10-17"
943 PolicyName: PipelineDeployDomainCodePipelineActionRoleDefaultPolicyB8A290EA
944 Roles:
945 - Ref: PipelineDeployDomainCodePipelineActionRole2C3BA570
946 Metadata:
947 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/CodePipelineActionRole/DefaultPolicy/Resource
948 PipelineDeployDomainRole8B4F5D16:
949 Type: AWS::IAM::Role
950 Properties:
951 AssumeRolePolicyDocument:
952 Statement:
953 - Action: sts:AssumeRole
954 Effect: Allow
955 Principal:
956 Service: cloudformation.amazonaws.com
957 Version: "2012-10-17"
958 Metadata:
959 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/Role/Resource
960 PipelineDeployDomainRoleDefaultPolicy0AA87BEF:
961 Type: AWS::IAM::Policy
962 Properties:
963 PolicyDocument:
964 Statement:
965 - Action:
966 - s3:GetObject*
967 - s3:GetBucket*
968 - s3:List*
969 Effect: Allow
970 Resource:
971 - Fn::GetAtt:
972 - PipelineArtifactsBucket22248F97
973 - Arn
974 - Fn::Join:
975 - ""
976 - - Fn::GetAtt:
977 - PipelineArtifactsBucket22248F97
978 - Arn
979 - /*
980 - Action:
981 - kms:Decrypt
982 - kms:DescribeKey
983 Effect: Allow
984 Resource:
985 Fn::GetAtt:
986 - PipelineArtifactsBucketEncryptionKey01D58D69
987 - Arn
988 - Action: "*"
989 Effect: Allow
990 Resource: "*"
991 Version: "2012-10-17"
992 PolicyName: PipelineDeployDomainRoleDefaultPolicy0AA87BEF
993 Roles:
994 - Ref: PipelineDeployDomainRole8B4F5D16
995 Metadata:
996 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/Role/DefaultPolicy/Resource
997 PipelineReleaseCDNCodePipelineActionRole5F4E30E4:
998 Type: AWS::IAM::Role
999 Properties:
1000 AssumeRolePolicyDocument:
1001 Statement:
1002 - Action: sts:AssumeRole
1003 Effect: Allow
1004 Principal:
1005 AWS:
1006 Fn::Join:
1007 - ""
1008 - - "arn:"
1009 - Ref: AWS::Partition
1010 - :iam::413025517373:root
1011 Version: "2012-10-17"
1012 Metadata:
1013 aws:cdk:path: plants-pipeline/Pipeline/Release/CDN/CodePipelineActionRole/Resource
1014 PipelineReleaseCDNCodePipelineActionRoleDefaultPolicy393CBE78:
1015 Type: AWS::IAM::Policy
1016 Properties:
1017 PolicyDocument:
1018 Statement:
1019 - Action:
1020 - codebuild:BatchGetBuilds
1021 - codebuild:StartBuild
1022 - codebuild:StopBuild
1023 Effect: Allow
1024 Resource:
1025 Fn::GetAtt:
1026 - ReleaseCDN3298D932
1027 - Arn
1028 Version: "2012-10-17"
1029 PolicyName: PipelineReleaseCDNCodePipelineActionRoleDefaultPolicy393CBE78
1030 Roles:
1031 - Ref: PipelineReleaseCDNCodePipelineActionRole5F4E30E4
1032 Metadata:
1033 aws:cdk:path: plants-pipeline/Pipeline/Release/CDN/CodePipelineActionRole/DefaultPolicy/Resource
1034 BuildRole41B77417:
1035 Type: AWS::IAM::Role
1036 Properties:
1037 AssumeRolePolicyDocument:
1038 Statement:
1039 - Action: sts:AssumeRole
1040 Effect: Allow
1041 Principal:
1042 Service: codebuild.amazonaws.com
1043 Version: "2012-10-17"
1044 ManagedPolicyArns:
1045 - Fn::Join:
1046 - ""
1047 - - "arn:"
1048 - Ref: AWS::Partition
1049 - :iam::aws:policy/AmazonRoute53ReadOnlyAccess
1050 Path: /
1051 Metadata:
1052 aws:cdk:path: plants-pipeline/BuildRole/Resource
1053 BuildRoleDefaultPolicy05D1D9FE:
1054 Type: AWS::IAM::Policy
1055 Properties:
1056 PolicyDocument:
1057 Statement:
1058 - Action:
1059 - logs:CreateLogGroup
1060 - logs:CreateLogStream
1061 - logs:PutLogEvents
1062 Effect: Allow
1063 Resource:
1064 - Fn::Join:
1065 - ""
1066 - - "arn:"
1067 - Ref: AWS::Partition
1068 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1069 - Ref: BuildCDK09D620A6
1070 - Fn::Join:
1071 - ""
1072 - - "arn:"
1073 - Ref: AWS::Partition
1074 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1075 - Ref: BuildCDK09D620A6
1076 - :*
1077 - Action:
1078 - codebuild:CreateReportGroup
1079 - codebuild:CreateReport
1080 - codebuild:UpdateReport
1081 - codebuild:BatchPutTestCases
1082 - codebuild:BatchPutCodeCoverages
1083 Effect: Allow
1084 Resource:
1085 Fn::Join:
1086 - ""
1087 - - "arn:"
1088 - Ref: AWS::Partition
1089 - :codebuild:us-east-1:413025517373:report-group/
1090 - Ref: BuildCDK09D620A6
1091 - -*
1092 - Action:
1093 - s3:GetObject*
1094 - s3:GetBucket*
1095 - s3:List*
1096 - s3:DeleteObject*
1097 - s3:PutObject*
1098 - s3:Abort*
1099 Effect: Allow
1100 Resource:
1101 - Fn::GetAtt:
1102 - PipelineArtifactsBucket22248F97
1103 - Arn
1104 - Fn::Join:
1105 - ""
1106 - - Fn::GetAtt:
1107 - PipelineArtifactsBucket22248F97
1108 - Arn
1109 - /*
1110 - Action:
1111 - kms:Decrypt
1112 - kms:DescribeKey
1113 - kms:Encrypt
1114 - kms:ReEncrypt*
1115 - kms:GenerateDataKey*
1116 Effect: Allow
1117 Resource:
1118 Fn::GetAtt:
1119 - PipelineArtifactsBucketEncryptionKey01D58D69
1120 - Arn
1121 - Action:
1122 - kms:Decrypt
1123 - kms:Encrypt
1124 - kms:ReEncrypt*
1125 - kms:GenerateDataKey*
1126 Effect: Allow
1127 Resource:
1128 Fn::GetAtt:
1129 - PipelineArtifactsBucketEncryptionKey01D58D69
1130 - Arn
1131 Version: "2012-10-17"
1132 PolicyName: BuildRoleDefaultPolicy05D1D9FE
1133 Roles:
1134 - Ref: BuildRole41B77417
1135 Metadata:
1136 aws:cdk:path: plants-pipeline/BuildRole/DefaultPolicy/Resource
1137 BuildCDK09D620A6:
1138 Type: AWS::CodeBuild::Project
1139 Properties:
1140 Artifacts:
1141 Type: CODEPIPELINE
1142 Environment:
1143 ComputeType: BUILD_GENERAL1_SMALL
1144 Image: aws/codebuild/standard:1.0
1145 ImagePullCredentialsType: CODEBUILD
1146 PrivilegedMode: false
1147 Type: LINUX_CONTAINER
1148 ServiceRole:
1149 Fn::GetAtt:
1150 - BuildRole41B77417
1151 - Arn
1152 Source:
1153 BuildSpec: ./aws/buildspecs/cdk.yml
1154 Type: CODEPIPELINE
1155 EncryptionKey:
1156 Fn::GetAtt:
1157 - PipelineArtifactsBucketEncryptionKey01D58D69
1158 - Arn
1159 Name: CDK
1160 Metadata:
1161 aws:cdk:path: plants-pipeline/BuildCDK/Resource
1162 BuildAssetsRole6BD3461F:
1163 Type: AWS::IAM::Role
1164 Properties:
1165 AssumeRolePolicyDocument:
1166 Statement:
1167 - Action: sts:AssumeRole
1168 Effect: Allow
1169 Principal:
1170 Service: codebuild.amazonaws.com
1171 Version: "2012-10-17"
1172 Metadata:
1173 aws:cdk:path: plants-pipeline/BuildAssets/Role/Resource
1174 BuildAssetsRoleDefaultPolicyA2F419F3:
1175 Type: AWS::IAM::Policy
1176 Properties:
1177 PolicyDocument:
1178 Statement:
1179 - Action:
1180 - logs:CreateLogGroup
1181 - logs:CreateLogStream
1182 - logs:PutLogEvents
1183 Effect: Allow
1184 Resource:
1185 - Fn::Join:
1186 - ""
1187 - - "arn:"
1188 - Ref: AWS::Partition
1189 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1190 - Ref: BuildAssetsFAC86A51
1191 - Fn::Join:
1192 - ""
1193 - - "arn:"
1194 - Ref: AWS::Partition
1195 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1196 - Ref: BuildAssetsFAC86A51
1197 - :*
1198 - Action:
1199 - codebuild:CreateReportGroup
1200 - codebuild:CreateReport
1201 - codebuild:UpdateReport
1202 - codebuild:BatchPutTestCases
1203 - codebuild:BatchPutCodeCoverages
1204 Effect: Allow
1205 Resource:
1206 Fn::Join:
1207 - ""
1208 - - "arn:"
1209 - Ref: AWS::Partition
1210 - :codebuild:us-east-1:413025517373:report-group/
1211 - Ref: BuildAssetsFAC86A51
1212 - -*
1213 - Action:
1214 - s3:GetObject*
1215 - s3:GetBucket*
1216 - s3:List*
1217 - s3:DeleteObject*
1218 - s3:PutObject*
1219 - s3:Abort*
1220 Effect: Allow
1221 Resource:
1222 - Fn::GetAtt:
1223 - PipelineArtifactsBucket22248F97
1224 - Arn
1225 - Fn::Join:
1226 - ""
1227 - - Fn::GetAtt:
1228 - PipelineArtifactsBucket22248F97
1229 - Arn
1230 - /*
1231 - Action:
1232 - kms:Decrypt
1233 - kms:DescribeKey
1234 - kms:Encrypt
1235 - kms:ReEncrypt*
1236 - kms:GenerateDataKey*
1237 Effect: Allow
1238 Resource:
1239 Fn::GetAtt:
1240 - PipelineArtifactsBucketEncryptionKey01D58D69
1241 - Arn
1242 - Action:
1243 - kms:Decrypt
1244 - kms:Encrypt
1245 - kms:ReEncrypt*
1246 - kms:GenerateDataKey*
1247 Effect: Allow
1248 Resource:
1249 Fn::GetAtt:
1250 - PipelineArtifactsBucketEncryptionKey01D58D69
1251 - Arn
1252 Version: "2012-10-17"
1253 PolicyName: BuildAssetsRoleDefaultPolicyA2F419F3
1254 Roles:
1255 - Ref: BuildAssetsRole6BD3461F
1256 Metadata:
1257 aws:cdk:path: plants-pipeline/BuildAssets/Role/DefaultPolicy/Resource
1258 BuildAssetsFAC86A51:
1259 Type: AWS::CodeBuild::Project
1260 Properties:
1261 Artifacts:
1262 Type: CODEPIPELINE
1263 Environment:
1264 ComputeType: BUILD_GENERAL1_SMALL
1265 Image: aws/codebuild/standard:1.0
1266 ImagePullCredentialsType: CODEBUILD
1267 PrivilegedMode: false
1268 Type: LINUX_CONTAINER
1269 ServiceRole:
1270 Fn::GetAtt:
1271 - BuildAssetsRole6BD3461F
1272 - Arn
1273 Source:
1274 BuildSpec: ./aws/buildspecs/assets.yml
1275 Type: CODEPIPELINE
1276 EncryptionKey:
1277 Fn::GetAtt:
1278 - PipelineArtifactsBucketEncryptionKey01D58D69
1279 - Arn
1280 Name: Assets
1281 Metadata:
1282 aws:cdk:path: plants-pipeline/BuildAssets/Resource
1283 BuildRenderRole2A1E7242:
1284 Type: AWS::IAM::Role
1285 Properties:
1286 AssumeRolePolicyDocument:
1287 Statement:
1288 - Action: sts:AssumeRole
1289 Effect: Allow
1290 Principal:
1291 Service: codebuild.amazonaws.com
1292 Version: "2012-10-17"
1293 Metadata:
1294 aws:cdk:path: plants-pipeline/BuildRender/Role/Resource
1295 BuildRenderRoleDefaultPolicy30261295:
1296 Type: AWS::IAM::Policy
1297 Properties:
1298 PolicyDocument:
1299 Statement:
1300 - Action:
1301 - logs:CreateLogGroup
1302 - logs:CreateLogStream
1303 - logs:PutLogEvents
1304 Effect: Allow
1305 Resource:
1306 - Fn::Join:
1307 - ""
1308 - - "arn:"
1309 - Ref: AWS::Partition
1310 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1311 - Ref: BuildRender6A87EF75
1312 - Fn::Join:
1313 - ""
1314 - - "arn:"
1315 - Ref: AWS::Partition
1316 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1317 - Ref: BuildRender6A87EF75
1318 - :*
1319 - Action:
1320 - codebuild:CreateReportGroup
1321 - codebuild:CreateReport
1322 - codebuild:UpdateReport
1323 - codebuild:BatchPutTestCases
1324 - codebuild:BatchPutCodeCoverages
1325 Effect: Allow
1326 Resource:
1327 Fn::Join:
1328 - ""
1329 - - "arn:"
1330 - Ref: AWS::Partition
1331 - :codebuild:us-east-1:413025517373:report-group/
1332 - Ref: BuildRender6A87EF75
1333 - -*
1334 - Action:
1335 - s3:GetObject*
1336 - s3:GetBucket*
1337 - s3:List*
1338 - s3:DeleteObject*
1339 - s3:PutObject*
1340 - s3:Abort*
1341 Effect: Allow
1342 Resource:
1343 - Fn::GetAtt:
1344 - PipelineArtifactsBucket22248F97
1345 - Arn
1346 - Fn::Join:
1347 - ""
1348 - - Fn::GetAtt:
1349 - PipelineArtifactsBucket22248F97
1350 - Arn
1351 - /*
1352 - Action:
1353 - kms:Decrypt
1354 - kms:DescribeKey
1355 - kms:Encrypt
1356 - kms:ReEncrypt*
1357 - kms:GenerateDataKey*
1358 Effect: Allow
1359 Resource:
1360 Fn::GetAtt:
1361 - PipelineArtifactsBucketEncryptionKey01D58D69
1362 - Arn
1363 - Action:
1364 - kms:Decrypt
1365 - kms:Encrypt
1366 - kms:ReEncrypt*
1367 - kms:GenerateDataKey*
1368 Effect: Allow
1369 Resource:
1370 Fn::GetAtt:
1371 - PipelineArtifactsBucketEncryptionKey01D58D69
1372 - Arn
1373 Version: "2012-10-17"
1374 PolicyName: BuildRenderRoleDefaultPolicy30261295
1375 Roles:
1376 - Ref: BuildRenderRole2A1E7242
1377 Metadata:
1378 aws:cdk:path: plants-pipeline/BuildRender/Role/DefaultPolicy/Resource
1379 BuildRender6A87EF75:
1380 Type: AWS::CodeBuild::Project
1381 Properties:
1382 Artifacts:
1383 Type: CODEPIPELINE
1384 Environment:
1385 ComputeType: BUILD_GENERAL1_SMALL
1386 Image: aws/codebuild/standard:1.0
1387 ImagePullCredentialsType: CODEBUILD
1388 PrivilegedMode: false
1389 Type: LINUX_CONTAINER
1390 ServiceRole:
1391 Fn::GetAtt:
1392 - BuildRenderRole2A1E7242
1393 - Arn
1394 Source:
1395 BuildSpec: ./aws/buildspecs/render.yml
1396 Type: CODEPIPELINE
1397 EncryptionKey:
1398 Fn::GetAtt:
1399 - PipelineArtifactsBucketEncryptionKey01D58D69
1400 - Arn
1401 Name: Render
1402 Metadata:
1403 aws:cdk:path: plants-pipeline/BuildRender/Resource
1404 ReleaseCDNRole92836511:
1405 Type: AWS::IAM::Role
1406 Properties:
1407 AssumeRolePolicyDocument:
1408 Statement:
1409 - Action: sts:AssumeRole
1410 Effect: Allow
1411 Principal:
1412 Service: codebuild.amazonaws.com
1413 Version: "2012-10-17"
1414 Path: /
1415 Metadata:
1416 aws:cdk:path: plants-pipeline/ReleaseCDNRole/Resource
1417 ReleaseCDNRoleDefaultPolicyD35E2C30:
1418 Type: AWS::IAM::Policy
1419 Properties:
1420 PolicyDocument:
1421 Statement:
1422 - Action: ssm:GetParameter
1423 Effect: Allow
1424 Resource: arn:aws:ssm:us-east-1:413025517373:parameter/plants/*
1425 - Action: cloudfront:CreateInvalidation
1426 Effect: Allow
1427 Resource: arn:aws:cloudfront::413025517373:distribution/*
1428 - Action:
1429 - logs:CreateLogGroup
1430 - logs:CreateLogStream
1431 - logs:PutLogEvents
1432 Effect: Allow
1433 Resource:
1434 - Fn::Join:
1435 - ""
1436 - - "arn:"
1437 - Ref: AWS::Partition
1438 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1439 - Ref: ReleaseCDN3298D932
1440 - Fn::Join:
1441 - ""
1442 - - "arn:"
1443 - Ref: AWS::Partition
1444 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1445 - Ref: ReleaseCDN3298D932
1446 - :*
1447 - Action:
1448 - codebuild:CreateReportGroup
1449 - codebuild:CreateReport
1450 - codebuild:UpdateReport
1451 - codebuild:BatchPutTestCases
1452 - codebuild:BatchPutCodeCoverages
1453 Effect: Allow
1454 Resource:
1455 Fn::Join:
1456 - ""
1457 - - "arn:"
1458 - Ref: AWS::Partition
1459 - :codebuild:us-east-1:413025517373:report-group/
1460 - Ref: ReleaseCDN3298D932
1461 - -*
1462 - Action:
1463 - s3:GetObject*
1464 - s3:GetBucket*
1465 - s3:List*
1466 Effect: Allow
1467 Resource:
1468 - Fn::GetAtt:
1469 - PipelineArtifactsBucket22248F97
1470 - Arn
1471 - Fn::Join:
1472 - ""
1473 - - Fn::GetAtt:
1474 - PipelineArtifactsBucket22248F97
1475 - Arn
1476 - /*
1477 - Action:
1478 - kms:Decrypt
1479 - kms:DescribeKey
1480 Effect: Allow
1481 Resource:
1482 Fn::GetAtt:
1483 - PipelineArtifactsBucketEncryptionKey01D58D69
1484 - Arn
1485 - Action:
1486 - kms:Decrypt
1487 - kms:Encrypt
1488 - kms:ReEncrypt*
1489 - kms:GenerateDataKey*
1490 Effect: Allow
1491 Resource:
1492 Fn::GetAtt:
1493 - PipelineArtifactsBucketEncryptionKey01D58D69
1494 - Arn
1495 Version: "2012-10-17"
1496 PolicyName: ReleaseCDNRoleDefaultPolicyD35E2C30
1497 Roles:
1498 - Ref: ReleaseCDNRole92836511
1499 Metadata:
1500 aws:cdk:path: plants-pipeline/ReleaseCDNRole/DefaultPolicy/Resource
1501 ReleaseCDN3298D932:
1502 Type: AWS::CodeBuild::Project
1503 Properties:
1504 Artifacts:
1505 Type: CODEPIPELINE
1506 Environment:
1507 ComputeType: BUILD_GENERAL1_SMALL
1508 EnvironmentVariables:
1509 - Name: SSM_NAMESPACE
1510 Type: PLAINTEXT
1511 Value: plants
1512 Image: aws/codebuild/standard:1.0
1513 ImagePullCredentialsType: CODEBUILD
1514 PrivilegedMode: false
1515 Type: LINUX_CONTAINER
1516 ServiceRole:
1517 Fn::GetAtt:
1518 - ReleaseCDNRole92836511
1519 - Arn
1520 Source:
1521 BuildSpec: ./aws/buildspecs/release.yml
1522 Type: CODEPIPELINE
1523 EncryptionKey:
1524 Fn::GetAtt:
1525 - PipelineArtifactsBucketEncryptionKey01D58D69
1526 - Arn
1527 Name: CDN
1528 Metadata:
1529 aws:cdk:path: plants-pipeline/ReleaseCDN/Resource
1530 CDKMetadata:
1531 Type: AWS::CDK::Metadata
1532 Properties:
1533 Analytics: v2:deflate64:H4sIAAAAAAAAE01QQW7DIBB8S++ENEpaqbcmPuZiuYecCd62azAbsdCoQvy9Brt1TzPDDswsO/nyLB8fXtWdN7o326TJg0xvQWkjGnIcfNRBNO+uA6boNWRRvIn3Mp2iNlCHC5uhJYv6ez2edRbMY3nZo/tolVcjBPDF9Sey0NTDDW9g0U0t2oVV0z9+gesnkcnCjCzTGWpWgaNFxUVUkgWqKbEjW29VXLv9tiqR14i2X/NaTwPMWy805yzcZJQDb792T/Iw/dnAiBsfXcARZDfjD/74T0JPAQAA
1534 Metadata:
1535 aws:cdk:path: plants-pipeline/CDKMetadata/Default
1536
1537