· 4 years ago · Apr 04, 2021, 03:14 PM
1> cra-serverless@0.1.0 cdk
2> cdk "synth" "plants-pipeline"
3
4Resources:
5 Files8E6940B8:
6 Type: AWS::S3::Bucket
7 Properties:
8 WebsiteConfiguration:
9 IndexDocument: index.html
10 UpdateReplacePolicy: Retain
11 DeletionPolicy: Retain
12 Metadata:
13 aws:cdk:path: plants-pipeline/Files/Resource
14 FilesPolicyCFAB4773:
15 Type: AWS::S3::BucketPolicy
16 Properties:
17 Bucket:
18 Ref: Files8E6940B8
19 PolicyDocument:
20 Statement:
21 - Action: s3:GetObject
22 Effect: Allow
23 Principal: "*"
24 Resource:
25 Fn::Join:
26 - ""
27 - - Fn::GetAtt:
28 - Files8E6940B8
29 - Arn
30 - /*
31 Version: "2012-10-17"
32 Metadata:
33 aws:cdk:path: plants-pipeline/Files/Policy/Resource
34 SSMBucketAssetsName2DD49BDD:
35 Type: AWS::SSM::Parameter
36 Properties:
37 Type: String
38 Value:
39 Ref: Files8E6940B8
40 Description: S3 Bucket Name for Assets
41 Name: /plants/S3/Assets/Name
42 Metadata:
43 aws:cdk:path: plants-pipeline/SSMBucketAssetsName/Resource
44 SSMBucketAssetsDomainName32D1134E:
45 Type: AWS::SSM::Parameter
46 Properties:
47 Type: String
48 Value:
49 Fn::GetAtt:
50 - Files8E6940B8
51 - DomainName
52 Description: S3 Bucket DomainName for Assets
53 Name: /plants/S3/Assets/DomainName
54 Metadata:
55 aws:cdk:path: plants-pipeline/SSMBucketAssetsDomainName/Resource
56 PipelineArtifactsBucketEncryptionKey01D58D69:
57 Type: AWS::KMS::Key
58 Properties:
59 KeyPolicy:
60 Statement:
61 - Action:
62 - kms:Create*
63 - kms:Describe*
64 - kms:Enable*
65 - kms:List*
66 - kms:Put*
67 - kms:Update*
68 - kms:Revoke*
69 - kms:Disable*
70 - kms:Get*
71 - kms:Delete*
72 - kms:ScheduleKeyDeletion
73 - kms:CancelKeyDeletion
74 - kms:GenerateDataKey
75 - kms:TagResource
76 - kms:UntagResource
77 Effect: Allow
78 Principal:
79 AWS:
80 Fn::Join:
81 - ""
82 - - "arn:"
83 - Ref: AWS::Partition
84 - :iam::413025517373:root
85 Resource: "*"
86 - Action:
87 - kms:Decrypt
88 - kms:DescribeKey
89 - kms:Encrypt
90 - kms:ReEncrypt*
91 - kms:GenerateDataKey*
92 Effect: Allow
93 Principal:
94 AWS:
95 Fn::GetAtt:
96 - PipelineRoleD68726F7
97 - Arn
98 Resource: "*"
99 - Action:
100 - kms:Decrypt
101 - kms:DescribeKey
102 - kms:Encrypt
103 - kms:ReEncrypt*
104 - kms:GenerateDataKey*
105 Effect: Allow
106 Principal:
107 AWS:
108 Fn::GetAtt:
109 - BuildRole41B77417
110 - Arn
111 Resource: "*"
112 - Action:
113 - kms:Decrypt
114 - kms:Encrypt
115 - kms:ReEncrypt*
116 - kms:GenerateDataKey*
117 Effect: Allow
118 Principal:
119 AWS:
120 Fn::GetAtt:
121 - BuildRole41B77417
122 - Arn
123 Resource: "*"
124 - Action:
125 - kms:Decrypt
126 - kms:DescribeKey
127 - kms:Encrypt
128 - kms:ReEncrypt*
129 - kms:GenerateDataKey*
130 Effect: Allow
131 Principal:
132 AWS:
133 Fn::GetAtt:
134 - BuildAssetsRole6BD3461F
135 - Arn
136 Resource: "*"
137 - Action:
138 - kms:Decrypt
139 - kms:Encrypt
140 - kms:ReEncrypt*
141 - kms:GenerateDataKey*
142 Effect: Allow
143 Principal:
144 AWS:
145 Fn::GetAtt:
146 - BuildAssetsRole6BD3461F
147 - Arn
148 Resource: "*"
149 - Action:
150 - kms:Decrypt
151 - kms:DescribeKey
152 - kms:Encrypt
153 - kms:ReEncrypt*
154 - kms:GenerateDataKey*
155 Effect: Allow
156 Principal:
157 AWS:
158 Fn::GetAtt:
159 - BuildRenderRole2A1E7242
160 - Arn
161 Resource: "*"
162 - Action:
163 - kms:Decrypt
164 - kms:Encrypt
165 - kms:ReEncrypt*
166 - kms:GenerateDataKey*
167 Effect: Allow
168 Principal:
169 AWS:
170 Fn::GetAtt:
171 - BuildRenderRole2A1E7242
172 - Arn
173 Resource: "*"
174 - Action:
175 - kms:Decrypt
176 - kms:DescribeKey
177 Effect: Allow
178 Principal:
179 AWS:
180 Fn::GetAtt:
181 - PipelineDeployAssetsCodePipelineActionRole381C6B27
182 - Arn
183 Resource: "*"
184 - Action:
185 - kms:Decrypt
186 - kms:DescribeKey
187 Effect: Allow
188 Principal:
189 AWS:
190 Fn::GetAtt:
191 - PipelineDeployRenderRole71D39ECE
192 - Arn
193 Resource: "*"
194 - Action:
195 - kms:Decrypt
196 - kms:DescribeKey
197 Effect: Allow
198 Principal:
199 AWS:
200 Fn::GetAtt:
201 - PipelineDeployRenderCodePipelineActionRole7376DCF7
202 - Arn
203 Resource: "*"
204 - Action:
205 - kms:Decrypt
206 - kms:DescribeKey
207 Effect: Allow
208 Principal:
209 AWS:
210 Fn::GetAtt:
211 - PipelineDeployDomainRole8B4F5D16
212 - Arn
213 Resource: "*"
214 - Action:
215 - kms:Decrypt
216 - kms:DescribeKey
217 Effect: Allow
218 Principal:
219 AWS:
220 Fn::GetAtt:
221 - PipelineDeployDomainCodePipelineActionRole2C3BA570
222 - Arn
223 Resource: "*"
224 - Action:
225 - kms:Decrypt
226 - kms:DescribeKey
227 Effect: Allow
228 Principal:
229 AWS:
230 Fn::GetAtt:
231 - ReleaseCDNRole92836511
232 - Arn
233 Resource: "*"
234 - Action:
235 - kms:Decrypt
236 - kms:Encrypt
237 - kms:ReEncrypt*
238 - kms:GenerateDataKey*
239 Effect: Allow
240 Principal:
241 AWS:
242 Fn::GetAtt:
243 - ReleaseCDNRole92836511
244 - Arn
245 Resource: "*"
246 Version: "2012-10-17"
247 UpdateReplacePolicy: Delete
248 DeletionPolicy: Delete
249 Metadata:
250 aws:cdk:path: plants-pipeline/Pipeline/ArtifactsBucketEncryptionKey/Resource
251 PipelineArtifactsBucketEncryptionKeyAlias5C510EEE:
252 Type: AWS::KMS::Alias
253 Properties:
254 AliasName: alias/codepipeline-plantspipelinepipeline85a39223
255 TargetKeyId:
256 Fn::GetAtt:
257 - PipelineArtifactsBucketEncryptionKey01D58D69
258 - Arn
259 UpdateReplacePolicy: Delete
260 DeletionPolicy: Delete
261 Metadata:
262 aws:cdk:path: plants-pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource
263 PipelineArtifactsBucket22248F97:
264 Type: AWS::S3::Bucket
265 Properties:
266 BucketEncryption:
267 ServerSideEncryptionConfiguration:
268 - ServerSideEncryptionByDefault:
269 KMSMasterKeyID:
270 Fn::GetAtt:
271 - PipelineArtifactsBucketEncryptionKey01D58D69
272 - Arn
273 SSEAlgorithm: aws:kms
274 PublicAccessBlockConfiguration:
275 BlockPublicAcls: true
276 BlockPublicPolicy: true
277 IgnorePublicAcls: true
278 RestrictPublicBuckets: true
279 UpdateReplacePolicy: Retain
280 DeletionPolicy: Retain
281 Metadata:
282 aws:cdk:path: plants-pipeline/Pipeline/ArtifactsBucket/Resource
283 PipelineRoleD68726F7:
284 Type: AWS::IAM::Role
285 Properties:
286 AssumeRolePolicyDocument:
287 Statement:
288 - Action: sts:AssumeRole
289 Effect: Allow
290 Principal:
291 Service: codepipeline.amazonaws.com
292 Version: "2012-10-17"
293 Metadata:
294 aws:cdk:path: plants-pipeline/Pipeline/Role/Resource
295 PipelineRoleDefaultPolicyC7A05455:
296 Type: AWS::IAM::Policy
297 Properties:
298 PolicyDocument:
299 Statement:
300 - Action:
301 - s3:GetObject*
302 - s3:GetBucket*
303 - s3:List*
304 - s3:DeleteObject*
305 - s3:PutObject*
306 - s3:Abort*
307 Effect: Allow
308 Resource:
309 - Fn::GetAtt:
310 - PipelineArtifactsBucket22248F97
311 - Arn
312 - Fn::Join:
313 - ""
314 - - Fn::GetAtt:
315 - PipelineArtifactsBucket22248F97
316 - Arn
317 - /*
318 - Action:
319 - kms:Decrypt
320 - kms:DescribeKey
321 - kms:Encrypt
322 - kms:ReEncrypt*
323 - kms:GenerateDataKey*
324 Effect: Allow
325 Resource:
326 Fn::GetAtt:
327 - PipelineArtifactsBucketEncryptionKey01D58D69
328 - Arn
329 - Action: sts:AssumeRole
330 Effect: Allow
331 Resource:
332 Fn::GetAtt:
333 - PipelineBuildCDKCodePipelineActionRoleBDF40025
334 - Arn
335 - Action: sts:AssumeRole
336 Effect: Allow
337 Resource:
338 Fn::GetAtt:
339 - PipelineBuildAssetsCodePipelineActionRole69BA6286
340 - Arn
341 - Action: sts:AssumeRole
342 Effect: Allow
343 Resource:
344 Fn::GetAtt:
345 - PipelineBuildRenderCodePipelineActionRole12F49662
346 - Arn
347 - Action: sts:AssumeRole
348 Effect: Allow
349 Resource:
350 Fn::GetAtt:
351 - PipelineDeployAssetsCodePipelineActionRole381C6B27
352 - Arn
353 - Action: sts:AssumeRole
354 Effect: Allow
355 Resource:
356 Fn::GetAtt:
357 - PipelineDeployRenderCodePipelineActionRole7376DCF7
358 - Arn
359 - Action: sts:AssumeRole
360 Effect: Allow
361 Resource:
362 Fn::GetAtt:
363 - PipelineDeployDomainCodePipelineActionRole2C3BA570
364 - Arn
365 - Action: sts:AssumeRole
366 Effect: Allow
367 Resource:
368 Fn::GetAtt:
369 - PipelineReleaseCDNCodePipelineActionRole5F4E30E4
370 - Arn
371 Version: "2012-10-17"
372 PolicyName: PipelineRoleDefaultPolicyC7A05455
373 Roles:
374 - Ref: PipelineRoleD68726F7
375 Metadata:
376 aws:cdk:path: plants-pipeline/Pipeline/Role/DefaultPolicy/Resource
377 PipelineC660917D:
378 Type: AWS::CodePipeline::Pipeline
379 Properties:
380 RoleArn:
381 Fn::GetAtt:
382 - PipelineRoleD68726F7
383 - Arn
384 Stages:
385 - Actions:
386 - ActionTypeId:
387 Category: Source
388 Owner: ThirdParty
389 Provider: GitHub
390 Version: "1"
391 Configuration:
392 Owner: felguerez
393 Repo: plants
394 Branch: master
395 OAuthToken: "{{resolve:secretsmanager:GitHubToken:SecretString:::}}"
396 PollForSourceChanges: false
397 Name: Checkout
398 OutputArtifacts:
399 - Name: sources
400 RunOrder: 1
401 Name: Sources
402 - Actions:
403 - ActionTypeId:
404 Category: Build
405 Owner: AWS
406 Provider: CodeBuild
407 Version: "1"
408 Configuration:
409 ProjectName:
410 Ref: BuildCDK09D620A6
411 InputArtifacts:
412 - Name: sources
413 Name: CDK
414 OutputArtifacts:
415 - Name: cdk
416 RoleArn:
417 Fn::GetAtt:
418 - PipelineBuildCDKCodePipelineActionRoleBDF40025
419 - Arn
420 RunOrder: 10
421 - ActionTypeId:
422 Category: Build
423 Owner: AWS
424 Provider: CodeBuild
425 Version: "1"
426 Configuration:
427 ProjectName:
428 Ref: BuildAssetsFAC86A51
429 EnvironmentVariables: '[{"name":"REACT_APP_NAME","type":"PLAINTEXT","value":"plants"}]'
430 InputArtifacts:
431 - Name: sources
432 Name: Assets
433 OutputArtifacts:
434 - Name: assets
435 RoleArn:
436 Fn::GetAtt:
437 - PipelineBuildAssetsCodePipelineActionRole69BA6286
438 - Arn
439 RunOrder: 10
440 - ActionTypeId:
441 Category: Build
442 Owner: AWS
443 Provider: CodeBuild
444 Version: "1"
445 Configuration:
446 ProjectName:
447 Ref: BuildRender6A87EF75
448 PrimarySource: sources
449 InputArtifacts:
450 - Name: sources
451 - Name: assets
452 Name: Render
453 OutputArtifacts:
454 - Name: render
455 RoleArn:
456 Fn::GetAtt:
457 - PipelineBuildRenderCodePipelineActionRole12F49662
458 - Arn
459 RunOrder: 20
460 Name: Build
461 - Actions:
462 - ActionTypeId:
463 Category: Deploy
464 Owner: AWS
465 Provider: S3
466 Version: "1"
467 Configuration:
468 BucketName:
469 Ref: Files8E6940B8
470 Extract: "true"
471 InputArtifacts:
472 - Name: assets
473 Name: Assets
474 RoleArn:
475 Fn::GetAtt:
476 - PipelineDeployAssetsCodePipelineActionRole381C6B27
477 - Arn
478 RunOrder: 10
479 - ActionTypeId:
480 Category: Deploy
481 Owner: AWS
482 Provider: CloudFormation
483 Version: "1"
484 Configuration:
485 StackName: plants-render
486 Capabilities: CAPABILITY_NAMED_IAM
487 RoleArn:
488 Fn::GetAtt:
489 - PipelineDeployRenderRole71D39ECE
490 - Arn
491 ParameterOverrides: '{"CodeBucketName":{"Fn::GetArtifactAtt":["render","BucketName"]},"CodeBucketObjectKey":{"Fn::GetArtifactAtt":["render","ObjectKey"]}}'
492 ActionMode: CREATE_UPDATE
493 TemplatePath: cdk::plants-render.template.json
494 InputArtifacts:
495 - Name: render
496 - Name: cdk
497 Name: Render
498 RoleArn:
499 Fn::GetAtt:
500 - PipelineDeployRenderCodePipelineActionRole7376DCF7
501 - Arn
502 RunOrder: 20
503 - ActionTypeId:
504 Category: Deploy
505 Owner: AWS
506 Provider: CloudFormation
507 Version: "1"
508 Configuration:
509 StackName: plants-domain
510 Capabilities: CAPABILITY_NAMED_IAM
511 RoleArn:
512 Fn::GetAtt:
513 - PipelineDeployDomainRole8B4F5D16
514 - Arn
515 ActionMode: CREATE_UPDATE
516 TemplatePath: cdk::plants-domain.template.json
517 InputArtifacts:
518 - Name: cdk
519 Name: Domain
520 RoleArn:
521 Fn::GetAtt:
522 - PipelineDeployDomainCodePipelineActionRole2C3BA570
523 - Arn
524 RunOrder: 50
525 Name: Deploy
526 - Actions:
527 - ActionTypeId:
528 Category: Build
529 Owner: AWS
530 Provider: CodeBuild
531 Version: "1"
532 Configuration:
533 ProjectName:
534 Ref: ReleaseCDN3298D932
535 InputArtifacts:
536 - Name: sources
537 Name: CDN
538 RoleArn:
539 Fn::GetAtt:
540 - PipelineReleaseCDNCodePipelineActionRole5F4E30E4
541 - Arn
542 RunOrder: 1
543 Name: Release
544 ArtifactStore:
545 EncryptionKey:
546 Id:
547 Fn::GetAtt:
548 - PipelineArtifactsBucketEncryptionKey01D58D69
549 - Arn
550 Type: KMS
551 Location:
552 Ref: PipelineArtifactsBucket22248F97
553 Type: S3
554 Name: plants
555 RestartExecutionOnUpdate: false
556 DependsOn:
557 - PipelineRoleDefaultPolicyC7A05455
558 - PipelineRoleD68726F7
559 Metadata:
560 aws:cdk:path: plants-pipeline/Pipeline/Resource
561 PipelineSourcesCheckoutWebhookResourceA7BD5933:
562 Type: AWS::CodePipeline::Webhook
563 Properties:
564 Authentication: GITHUB_HMAC
565 AuthenticationConfiguration:
566 SecretToken: "{{resolve:secretsmanager:GitHubToken:SecretString:::}}"
567 Filters:
568 - JsonPath: $.ref
569 MatchEquals: refs/heads/{Branch}
570 TargetAction: Checkout
571 TargetPipeline:
572 Ref: PipelineC660917D
573 TargetPipelineVersion: 1
574 RegisterWithThirdParty: true
575 Metadata:
576 aws:cdk:path: plants-pipeline/Pipeline/Sources/Checkout/WebhookResource
577 PipelineBuildCDKCodePipelineActionRoleBDF40025:
578 Type: AWS::IAM::Role
579 Properties:
580 AssumeRolePolicyDocument:
581 Statement:
582 - Action: sts:AssumeRole
583 Effect: Allow
584 Principal:
585 AWS:
586 Fn::Join:
587 - ""
588 - - "arn:"
589 - Ref: AWS::Partition
590 - :iam::413025517373:root
591 Version: "2012-10-17"
592 Metadata:
593 aws:cdk:path: plants-pipeline/Pipeline/Build/CDK/CodePipelineActionRole/Resource
594 PipelineBuildCDKCodePipelineActionRoleDefaultPolicyED95E4E6:
595 Type: AWS::IAM::Policy
596 Properties:
597 PolicyDocument:
598 Statement:
599 - Action:
600 - codebuild:BatchGetBuilds
601 - codebuild:StartBuild
602 - codebuild:StopBuild
603 Effect: Allow
604 Resource:
605 Fn::GetAtt:
606 - BuildCDK09D620A6
607 - Arn
608 Version: "2012-10-17"
609 PolicyName: PipelineBuildCDKCodePipelineActionRoleDefaultPolicyED95E4E6
610 Roles:
611 - Ref: PipelineBuildCDKCodePipelineActionRoleBDF40025
612 Metadata:
613 aws:cdk:path: plants-pipeline/Pipeline/Build/CDK/CodePipelineActionRole/DefaultPolicy/Resource
614 PipelineBuildAssetsCodePipelineActionRole69BA6286:
615 Type: AWS::IAM::Role
616 Properties:
617 AssumeRolePolicyDocument:
618 Statement:
619 - Action: sts:AssumeRole
620 Effect: Allow
621 Principal:
622 AWS:
623 Fn::Join:
624 - ""
625 - - "arn:"
626 - Ref: AWS::Partition
627 - :iam::413025517373:root
628 Version: "2012-10-17"
629 Metadata:
630 aws:cdk:path: plants-pipeline/Pipeline/Build/Assets/CodePipelineActionRole/Resource
631 PipelineBuildAssetsCodePipelineActionRoleDefaultPolicyB538F394:
632 Type: AWS::IAM::Policy
633 Properties:
634 PolicyDocument:
635 Statement:
636 - Action:
637 - codebuild:BatchGetBuilds
638 - codebuild:StartBuild
639 - codebuild:StopBuild
640 Effect: Allow
641 Resource:
642 Fn::GetAtt:
643 - BuildAssetsFAC86A51
644 - Arn
645 Version: "2012-10-17"
646 PolicyName: PipelineBuildAssetsCodePipelineActionRoleDefaultPolicyB538F394
647 Roles:
648 - Ref: PipelineBuildAssetsCodePipelineActionRole69BA6286
649 Metadata:
650 aws:cdk:path: plants-pipeline/Pipeline/Build/Assets/CodePipelineActionRole/DefaultPolicy/Resource
651 PipelineBuildRenderCodePipelineActionRole12F49662:
652 Type: AWS::IAM::Role
653 Properties:
654 AssumeRolePolicyDocument:
655 Statement:
656 - Action: sts:AssumeRole
657 Effect: Allow
658 Principal:
659 AWS:
660 Fn::Join:
661 - ""
662 - - "arn:"
663 - Ref: AWS::Partition
664 - :iam::413025517373:root
665 Version: "2012-10-17"
666 Metadata:
667 aws:cdk:path: plants-pipeline/Pipeline/Build/Render/CodePipelineActionRole/Resource
668 PipelineBuildRenderCodePipelineActionRoleDefaultPolicyB4B60F72:
669 Type: AWS::IAM::Policy
670 Properties:
671 PolicyDocument:
672 Statement:
673 - Action:
674 - codebuild:BatchGetBuilds
675 - codebuild:StartBuild
676 - codebuild:StopBuild
677 Effect: Allow
678 Resource:
679 Fn::GetAtt:
680 - BuildRender6A87EF75
681 - Arn
682 Version: "2012-10-17"
683 PolicyName: PipelineBuildRenderCodePipelineActionRoleDefaultPolicyB4B60F72
684 Roles:
685 - Ref: PipelineBuildRenderCodePipelineActionRole12F49662
686 Metadata:
687 aws:cdk:path: plants-pipeline/Pipeline/Build/Render/CodePipelineActionRole/DefaultPolicy/Resource
688 PipelineDeployAssetsCodePipelineActionRole381C6B27:
689 Type: AWS::IAM::Role
690 Properties:
691 AssumeRolePolicyDocument:
692 Statement:
693 - Action: sts:AssumeRole
694 Effect: Allow
695 Principal:
696 AWS:
697 Fn::Join:
698 - ""
699 - - "arn:"
700 - Ref: AWS::Partition
701 - :iam::413025517373:root
702 Version: "2012-10-17"
703 Metadata:
704 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Assets/CodePipelineActionRole/Resource
705 PipelineDeployAssetsCodePipelineActionRoleDefaultPolicy71994611:
706 Type: AWS::IAM::Policy
707 Properties:
708 PolicyDocument:
709 Statement:
710 - Action:
711 - s3:DeleteObject*
712 - s3:PutObject*
713 - s3:Abort*
714 Effect: Allow
715 Resource:
716 - Fn::GetAtt:
717 - Files8E6940B8
718 - Arn
719 - Fn::Join:
720 - ""
721 - - Fn::GetAtt:
722 - Files8E6940B8
723 - Arn
724 - /*
725 - Action:
726 - s3:GetObject*
727 - s3:GetBucket*
728 - s3:List*
729 Effect: Allow
730 Resource:
731 - Fn::GetAtt:
732 - PipelineArtifactsBucket22248F97
733 - Arn
734 - Fn::Join:
735 - ""
736 - - Fn::GetAtt:
737 - PipelineArtifactsBucket22248F97
738 - Arn
739 - /*
740 - Action:
741 - kms:Decrypt
742 - kms:DescribeKey
743 Effect: Allow
744 Resource:
745 Fn::GetAtt:
746 - PipelineArtifactsBucketEncryptionKey01D58D69
747 - Arn
748 Version: "2012-10-17"
749 PolicyName: PipelineDeployAssetsCodePipelineActionRoleDefaultPolicy71994611
750 Roles:
751 - Ref: PipelineDeployAssetsCodePipelineActionRole381C6B27
752 Metadata:
753 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Assets/CodePipelineActionRole/DefaultPolicy/Resource
754 PipelineDeployRenderCodePipelineActionRole7376DCF7:
755 Type: AWS::IAM::Role
756 Properties:
757 AssumeRolePolicyDocument:
758 Statement:
759 - Action: sts:AssumeRole
760 Effect: Allow
761 Principal:
762 AWS:
763 Fn::Join:
764 - ""
765 - - "arn:"
766 - Ref: AWS::Partition
767 - :iam::413025517373:root
768 Version: "2012-10-17"
769 Metadata:
770 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/CodePipelineActionRole/Resource
771 PipelineDeployRenderCodePipelineActionRoleDefaultPolicy80A4ED97:
772 Type: AWS::IAM::Policy
773 Properties:
774 PolicyDocument:
775 Statement:
776 - Action: iam:PassRole
777 Effect: Allow
778 Resource:
779 Fn::GetAtt:
780 - PipelineDeployRenderRole71D39ECE
781 - Arn
782 - Action:
783 - s3:GetObject*
784 - s3:GetBucket*
785 - s3:List*
786 Effect: Allow
787 Resource:
788 - Fn::GetAtt:
789 - PipelineArtifactsBucket22248F97
790 - Arn
791 - Fn::Join:
792 - ""
793 - - Fn::GetAtt:
794 - PipelineArtifactsBucket22248F97
795 - Arn
796 - /*
797 - Action:
798 - kms:Decrypt
799 - kms:DescribeKey
800 Effect: Allow
801 Resource:
802 Fn::GetAtt:
803 - PipelineArtifactsBucketEncryptionKey01D58D69
804 - Arn
805 - Action:
806 - cloudformation:CreateStack
807 - cloudformation:DescribeStack*
808 - cloudformation:GetStackPolicy
809 - cloudformation:GetTemplate*
810 - cloudformation:SetStackPolicy
811 - cloudformation:UpdateStack
812 - cloudformation:ValidateTemplate
813 Effect: Allow
814 Resource:
815 Fn::Join:
816 - ""
817 - - "arn:"
818 - Ref: AWS::Partition
819 - :cloudformation:us-east-1:413025517373:stack/plants-render/*
820 Version: "2012-10-17"
821 PolicyName: PipelineDeployRenderCodePipelineActionRoleDefaultPolicy80A4ED97
822 Roles:
823 - Ref: PipelineDeployRenderCodePipelineActionRole7376DCF7
824 Metadata:
825 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/CodePipelineActionRole/DefaultPolicy/Resource
826 PipelineDeployRenderRole71D39ECE:
827 Type: AWS::IAM::Role
828 Properties:
829 AssumeRolePolicyDocument:
830 Statement:
831 - Action: sts:AssumeRole
832 Effect: Allow
833 Principal:
834 Service: cloudformation.amazonaws.com
835 Version: "2012-10-17"
836 Metadata:
837 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/Role/Resource
838 PipelineDeployRenderRoleDefaultPolicy23C64745:
839 Type: AWS::IAM::Policy
840 Properties:
841 PolicyDocument:
842 Statement:
843 - Action:
844 - s3:GetObject*
845 - s3:GetBucket*
846 - s3:List*
847 Effect: Allow
848 Resource:
849 - Fn::GetAtt:
850 - PipelineArtifactsBucket22248F97
851 - Arn
852 - Fn::Join:
853 - ""
854 - - Fn::GetAtt:
855 - PipelineArtifactsBucket22248F97
856 - Arn
857 - /*
858 - Action:
859 - kms:Decrypt
860 - kms:DescribeKey
861 Effect: Allow
862 Resource:
863 Fn::GetAtt:
864 - PipelineArtifactsBucketEncryptionKey01D58D69
865 - Arn
866 - Action: "*"
867 Effect: Allow
868 Resource: "*"
869 Version: "2012-10-17"
870 PolicyName: PipelineDeployRenderRoleDefaultPolicy23C64745
871 Roles:
872 - Ref: PipelineDeployRenderRole71D39ECE
873 Metadata:
874 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Render/Role/DefaultPolicy/Resource
875 PipelineDeployDomainCodePipelineActionRole2C3BA570:
876 Type: AWS::IAM::Role
877 Properties:
878 AssumeRolePolicyDocument:
879 Statement:
880 - Action: sts:AssumeRole
881 Effect: Allow
882 Principal:
883 AWS:
884 Fn::Join:
885 - ""
886 - - "arn:"
887 - Ref: AWS::Partition
888 - :iam::413025517373:root
889 Version: "2012-10-17"
890 Metadata:
891 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/CodePipelineActionRole/Resource
892 PipelineDeployDomainCodePipelineActionRoleDefaultPolicyB8A290EA:
893 Type: AWS::IAM::Policy
894 Properties:
895 PolicyDocument:
896 Statement:
897 - Action: iam:PassRole
898 Effect: Allow
899 Resource:
900 Fn::GetAtt:
901 - PipelineDeployDomainRole8B4F5D16
902 - Arn
903 - Action:
904 - s3:GetObject*
905 - s3:GetBucket*
906 - s3:List*
907 Effect: Allow
908 Resource:
909 - Fn::GetAtt:
910 - PipelineArtifactsBucket22248F97
911 - Arn
912 - Fn::Join:
913 - ""
914 - - Fn::GetAtt:
915 - PipelineArtifactsBucket22248F97
916 - Arn
917 - /*
918 - Action:
919 - kms:Decrypt
920 - kms:DescribeKey
921 Effect: Allow
922 Resource:
923 Fn::GetAtt:
924 - PipelineArtifactsBucketEncryptionKey01D58D69
925 - Arn
926 - Action:
927 - cloudformation:CreateStack
928 - cloudformation:DescribeStack*
929 - cloudformation:GetStackPolicy
930 - cloudformation:GetTemplate*
931 - cloudformation:SetStackPolicy
932 - cloudformation:UpdateStack
933 - cloudformation:ValidateTemplate
934 Effect: Allow
935 Resource:
936 Fn::Join:
937 - ""
938 - - "arn:"
939 - Ref: AWS::Partition
940 - :cloudformation:us-east-1:413025517373:stack/plants-domain/*
941 Version: "2012-10-17"
942 PolicyName: PipelineDeployDomainCodePipelineActionRoleDefaultPolicyB8A290EA
943 Roles:
944 - Ref: PipelineDeployDomainCodePipelineActionRole2C3BA570
945 Metadata:
946 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/CodePipelineActionRole/DefaultPolicy/Resource
947 PipelineDeployDomainRole8B4F5D16:
948 Type: AWS::IAM::Role
949 Properties:
950 AssumeRolePolicyDocument:
951 Statement:
952 - Action: sts:AssumeRole
953 Effect: Allow
954 Principal:
955 Service: cloudformation.amazonaws.com
956 Version: "2012-10-17"
957 Metadata:
958 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/Role/Resource
959 PipelineDeployDomainRoleDefaultPolicy0AA87BEF:
960 Type: AWS::IAM::Policy
961 Properties:
962 PolicyDocument:
963 Statement:
964 - Action:
965 - s3:GetObject*
966 - s3:GetBucket*
967 - s3:List*
968 Effect: Allow
969 Resource:
970 - Fn::GetAtt:
971 - PipelineArtifactsBucket22248F97
972 - Arn
973 - Fn::Join:
974 - ""
975 - - Fn::GetAtt:
976 - PipelineArtifactsBucket22248F97
977 - Arn
978 - /*
979 - Action:
980 - kms:Decrypt
981 - kms:DescribeKey
982 Effect: Allow
983 Resource:
984 Fn::GetAtt:
985 - PipelineArtifactsBucketEncryptionKey01D58D69
986 - Arn
987 - Action: "*"
988 Effect: Allow
989 Resource: "*"
990 Version: "2012-10-17"
991 PolicyName: PipelineDeployDomainRoleDefaultPolicy0AA87BEF
992 Roles:
993 - Ref: PipelineDeployDomainRole8B4F5D16
994 Metadata:
995 aws:cdk:path: plants-pipeline/Pipeline/Deploy/Domain/Role/DefaultPolicy/Resource
996 PipelineReleaseCDNCodePipelineActionRole5F4E30E4:
997 Type: AWS::IAM::Role
998 Properties:
999 AssumeRolePolicyDocument:
1000 Statement:
1001 - Action: sts:AssumeRole
1002 Effect: Allow
1003 Principal:
1004 AWS:
1005 Fn::Join:
1006 - ""
1007 - - "arn:"
1008 - Ref: AWS::Partition
1009 - :iam::413025517373:root
1010 Version: "2012-10-17"
1011 Metadata:
1012 aws:cdk:path: plants-pipeline/Pipeline/Release/CDN/CodePipelineActionRole/Resource
1013 PipelineReleaseCDNCodePipelineActionRoleDefaultPolicy393CBE78:
1014 Type: AWS::IAM::Policy
1015 Properties:
1016 PolicyDocument:
1017 Statement:
1018 - Action:
1019 - codebuild:BatchGetBuilds
1020 - codebuild:StartBuild
1021 - codebuild:StopBuild
1022 Effect: Allow
1023 Resource:
1024 Fn::GetAtt:
1025 - ReleaseCDN3298D932
1026 - Arn
1027 Version: "2012-10-17"
1028 PolicyName: PipelineReleaseCDNCodePipelineActionRoleDefaultPolicy393CBE78
1029 Roles:
1030 - Ref: PipelineReleaseCDNCodePipelineActionRole5F4E30E4
1031 Metadata:
1032 aws:cdk:path: plants-pipeline/Pipeline/Release/CDN/CodePipelineActionRole/DefaultPolicy/Resource
1033 BuildRole41B77417:
1034 Type: AWS::IAM::Role
1035 Properties:
1036 AssumeRolePolicyDocument:
1037 Statement:
1038 - Action: sts:AssumeRole
1039 Effect: Allow
1040 Principal:
1041 Service: codebuild.amazonaws.com
1042 Version: "2012-10-17"
1043 ManagedPolicyArns:
1044 - Fn::Join:
1045 - ""
1046 - - "arn:"
1047 - Ref: AWS::Partition
1048 - :iam::aws:policy/AmazonRoute53ReadOnlyAccess
1049 Path: /
1050 Metadata:
1051 aws:cdk:path: plants-pipeline/BuildRole/Resource
1052 BuildRoleDefaultPolicy05D1D9FE:
1053 Type: AWS::IAM::Policy
1054 Properties:
1055 PolicyDocument:
1056 Statement:
1057 - Action:
1058 - logs:CreateLogGroup
1059 - logs:CreateLogStream
1060 - logs:PutLogEvents
1061 Effect: Allow
1062 Resource:
1063 - Fn::Join:
1064 - ""
1065 - - "arn:"
1066 - Ref: AWS::Partition
1067 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1068 - Ref: BuildCDK09D620A6
1069 - Fn::Join:
1070 - ""
1071 - - "arn:"
1072 - Ref: AWS::Partition
1073 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1074 - Ref: BuildCDK09D620A6
1075 - :*
1076 - Action:
1077 - codebuild:CreateReportGroup
1078 - codebuild:CreateReport
1079 - codebuild:UpdateReport
1080 - codebuild:BatchPutTestCases
1081 - codebuild:BatchPutCodeCoverages
1082 Effect: Allow
1083 Resource:
1084 Fn::Join:
1085 - ""
1086 - - "arn:"
1087 - Ref: AWS::Partition
1088 - :codebuild:us-east-1:413025517373:report-group/
1089 - Ref: BuildCDK09D620A6
1090 - -*
1091 - Action:
1092 - s3:GetObject*
1093 - s3:GetBucket*
1094 - s3:List*
1095 - s3:DeleteObject*
1096 - s3:PutObject*
1097 - s3:Abort*
1098 Effect: Allow
1099 Resource:
1100 - Fn::GetAtt:
1101 - PipelineArtifactsBucket22248F97
1102 - Arn
1103 - Fn::Join:
1104 - ""
1105 - - Fn::GetAtt:
1106 - PipelineArtifactsBucket22248F97
1107 - Arn
1108 - /*
1109 - Action:
1110 - kms:Decrypt
1111 - kms:DescribeKey
1112 - kms:Encrypt
1113 - kms:ReEncrypt*
1114 - kms:GenerateDataKey*
1115 Effect: Allow
1116 Resource:
1117 Fn::GetAtt:
1118 - PipelineArtifactsBucketEncryptionKey01D58D69
1119 - Arn
1120 - Action:
1121 - kms:Decrypt
1122 - kms:Encrypt
1123 - kms:ReEncrypt*
1124 - kms:GenerateDataKey*
1125 Effect: Allow
1126 Resource:
1127 Fn::GetAtt:
1128 - PipelineArtifactsBucketEncryptionKey01D58D69
1129 - Arn
1130 Version: "2012-10-17"
1131 PolicyName: BuildRoleDefaultPolicy05D1D9FE
1132 Roles:
1133 - Ref: BuildRole41B77417
1134 Metadata:
1135 aws:cdk:path: plants-pipeline/BuildRole/DefaultPolicy/Resource
1136 BuildCDK09D620A6:
1137 Type: AWS::CodeBuild::Project
1138 Properties:
1139 Artifacts:
1140 Type: CODEPIPELINE
1141 Environment:
1142 ComputeType: BUILD_GENERAL1_SMALL
1143 Image: aws/codebuild/standard:1.0
1144 ImagePullCredentialsType: CODEBUILD
1145 PrivilegedMode: false
1146 Type: LINUX_CONTAINER
1147 ServiceRole:
1148 Fn::GetAtt:
1149 - BuildRole41B77417
1150 - Arn
1151 Source:
1152 BuildSpec: ./aws/buildspecs/cdk.yml
1153 Type: CODEPIPELINE
1154 EncryptionKey:
1155 Fn::GetAtt:
1156 - PipelineArtifactsBucketEncryptionKey01D58D69
1157 - Arn
1158 Name: CDK
1159 Metadata:
1160 aws:cdk:path: plants-pipeline/BuildCDK/Resource
1161 BuildAssetsRole6BD3461F:
1162 Type: AWS::IAM::Role
1163 Properties:
1164 AssumeRolePolicyDocument:
1165 Statement:
1166 - Action: sts:AssumeRole
1167 Effect: Allow
1168 Principal:
1169 Service: codebuild.amazonaws.com
1170 Version: "2012-10-17"
1171 Metadata:
1172 aws:cdk:path: plants-pipeline/BuildAssets/Role/Resource
1173 BuildAssetsRoleDefaultPolicyA2F419F3:
1174 Type: AWS::IAM::Policy
1175 Properties:
1176 PolicyDocument:
1177 Statement:
1178 - Action:
1179 - logs:CreateLogGroup
1180 - logs:CreateLogStream
1181 - logs:PutLogEvents
1182 Effect: Allow
1183 Resource:
1184 - Fn::Join:
1185 - ""
1186 - - "arn:"
1187 - Ref: AWS::Partition
1188 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1189 - Ref: BuildAssetsFAC86A51
1190 - Fn::Join:
1191 - ""
1192 - - "arn:"
1193 - Ref: AWS::Partition
1194 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1195 - Ref: BuildAssetsFAC86A51
1196 - :*
1197 - Action:
1198 - codebuild:CreateReportGroup
1199 - codebuild:CreateReport
1200 - codebuild:UpdateReport
1201 - codebuild:BatchPutTestCases
1202 - codebuild:BatchPutCodeCoverages
1203 Effect: Allow
1204 Resource:
1205 Fn::Join:
1206 - ""
1207 - - "arn:"
1208 - Ref: AWS::Partition
1209 - :codebuild:us-east-1:413025517373:report-group/
1210 - Ref: BuildAssetsFAC86A51
1211 - -*
1212 - Action:
1213 - s3:GetObject*
1214 - s3:GetBucket*
1215 - s3:List*
1216 - s3:DeleteObject*
1217 - s3:PutObject*
1218 - s3:Abort*
1219 Effect: Allow
1220 Resource:
1221 - Fn::GetAtt:
1222 - PipelineArtifactsBucket22248F97
1223 - Arn
1224 - Fn::Join:
1225 - ""
1226 - - Fn::GetAtt:
1227 - PipelineArtifactsBucket22248F97
1228 - Arn
1229 - /*
1230 - Action:
1231 - kms:Decrypt
1232 - kms:DescribeKey
1233 - kms:Encrypt
1234 - kms:ReEncrypt*
1235 - kms:GenerateDataKey*
1236 Effect: Allow
1237 Resource:
1238 Fn::GetAtt:
1239 - PipelineArtifactsBucketEncryptionKey01D58D69
1240 - Arn
1241 - Action:
1242 - kms:Decrypt
1243 - kms:Encrypt
1244 - kms:ReEncrypt*
1245 - kms:GenerateDataKey*
1246 Effect: Allow
1247 Resource:
1248 Fn::GetAtt:
1249 - PipelineArtifactsBucketEncryptionKey01D58D69
1250 - Arn
1251 Version: "2012-10-17"
1252 PolicyName: BuildAssetsRoleDefaultPolicyA2F419F3
1253 Roles:
1254 - Ref: BuildAssetsRole6BD3461F
1255 Metadata:
1256 aws:cdk:path: plants-pipeline/BuildAssets/Role/DefaultPolicy/Resource
1257 BuildAssetsFAC86A51:
1258 Type: AWS::CodeBuild::Project
1259 Properties:
1260 Artifacts:
1261 Type: CODEPIPELINE
1262 Environment:
1263 ComputeType: BUILD_GENERAL1_SMALL
1264 Image: aws/codebuild/standard:1.0
1265 ImagePullCredentialsType: CODEBUILD
1266 PrivilegedMode: false
1267 Type: LINUX_CONTAINER
1268 ServiceRole:
1269 Fn::GetAtt:
1270 - BuildAssetsRole6BD3461F
1271 - Arn
1272 Source:
1273 BuildSpec: ./aws/buildspecs/assets.yml
1274 Type: CODEPIPELINE
1275 EncryptionKey:
1276 Fn::GetAtt:
1277 - PipelineArtifactsBucketEncryptionKey01D58D69
1278 - Arn
1279 Name: Assets
1280 Metadata:
1281 aws:cdk:path: plants-pipeline/BuildAssets/Resource
1282 BuildRenderRole2A1E7242:
1283 Type: AWS::IAM::Role
1284 Properties:
1285 AssumeRolePolicyDocument:
1286 Statement:
1287 - Action: sts:AssumeRole
1288 Effect: Allow
1289 Principal:
1290 Service: codebuild.amazonaws.com
1291 Version: "2012-10-17"
1292 Metadata:
1293 aws:cdk:path: plants-pipeline/BuildRender/Role/Resource
1294 BuildRenderRoleDefaultPolicy30261295:
1295 Type: AWS::IAM::Policy
1296 Properties:
1297 PolicyDocument:
1298 Statement:
1299 - Action:
1300 - logs:CreateLogGroup
1301 - logs:CreateLogStream
1302 - logs:PutLogEvents
1303 Effect: Allow
1304 Resource:
1305 - Fn::Join:
1306 - ""
1307 - - "arn:"
1308 - Ref: AWS::Partition
1309 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1310 - Ref: BuildRender6A87EF75
1311 - Fn::Join:
1312 - ""
1313 - - "arn:"
1314 - Ref: AWS::Partition
1315 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1316 - Ref: BuildRender6A87EF75
1317 - :*
1318 - Action:
1319 - codebuild:CreateReportGroup
1320 - codebuild:CreateReport
1321 - codebuild:UpdateReport
1322 - codebuild:BatchPutTestCases
1323 - codebuild:BatchPutCodeCoverages
1324 Effect: Allow
1325 Resource:
1326 Fn::Join:
1327 - ""
1328 - - "arn:"
1329 - Ref: AWS::Partition
1330 - :codebuild:us-east-1:413025517373:report-group/
1331 - Ref: BuildRender6A87EF75
1332 - -*
1333 - Action:
1334 - s3:GetObject*
1335 - s3:GetBucket*
1336 - s3:List*
1337 - s3:DeleteObject*
1338 - s3:PutObject*
1339 - s3:Abort*
1340 Effect: Allow
1341 Resource:
1342 - Fn::GetAtt:
1343 - PipelineArtifactsBucket22248F97
1344 - Arn
1345 - Fn::Join:
1346 - ""
1347 - - Fn::GetAtt:
1348 - PipelineArtifactsBucket22248F97
1349 - Arn
1350 - /*
1351 - Action:
1352 - kms:Decrypt
1353 - kms:DescribeKey
1354 - kms:Encrypt
1355 - kms:ReEncrypt*
1356 - kms:GenerateDataKey*
1357 Effect: Allow
1358 Resource:
1359 Fn::GetAtt:
1360 - PipelineArtifactsBucketEncryptionKey01D58D69
1361 - Arn
1362 - Action:
1363 - kms:Decrypt
1364 - kms:Encrypt
1365 - kms:ReEncrypt*
1366 - kms:GenerateDataKey*
1367 Effect: Allow
1368 Resource:
1369 Fn::GetAtt:
1370 - PipelineArtifactsBucketEncryptionKey01D58D69
1371 - Arn
1372 Version: "2012-10-17"
1373 PolicyName: BuildRenderRoleDefaultPolicy30261295
1374 Roles:
1375 - Ref: BuildRenderRole2A1E7242
1376 Metadata:
1377 aws:cdk:path: plants-pipeline/BuildRender/Role/DefaultPolicy/Resource
1378 BuildRender6A87EF75:
1379 Type: AWS::CodeBuild::Project
1380 Properties:
1381 Artifacts:
1382 Type: CODEPIPELINE
1383 Environment:
1384 ComputeType: BUILD_GENERAL1_SMALL
1385 Image: aws/codebuild/standard:1.0
1386 ImagePullCredentialsType: CODEBUILD
1387 PrivilegedMode: false
1388 Type: LINUX_CONTAINER
1389 ServiceRole:
1390 Fn::GetAtt:
1391 - BuildRenderRole2A1E7242
1392 - Arn
1393 Source:
1394 BuildSpec: ./aws/buildspecs/render.yml
1395 Type: CODEPIPELINE
1396 EncryptionKey:
1397 Fn::GetAtt:
1398 - PipelineArtifactsBucketEncryptionKey01D58D69
1399 - Arn
1400 Name: Render
1401 Metadata:
1402 aws:cdk:path: plants-pipeline/BuildRender/Resource
1403 ReleaseCDNRole92836511:
1404 Type: AWS::IAM::Role
1405 Properties:
1406 AssumeRolePolicyDocument:
1407 Statement:
1408 - Action: sts:AssumeRole
1409 Effect: Allow
1410 Principal:
1411 Service: codebuild.amazonaws.com
1412 Version: "2012-10-17"
1413 Path: /
1414 Metadata:
1415 aws:cdk:path: plants-pipeline/ReleaseCDNRole/Resource
1416 ReleaseCDNRoleDefaultPolicyD35E2C30:
1417 Type: AWS::IAM::Policy
1418 Properties:
1419 PolicyDocument:
1420 Statement:
1421 - Action: ssm:GetParameter
1422 Effect: Allow
1423 Resource: arn:aws:ssm:us-east-1:413025517373:parameter/plants/*
1424 - Action: cloudfront:CreateInvalidation
1425 Effect: Allow
1426 Resource: arn:aws:cloudfront::413025517373:distribution/*
1427 - Action:
1428 - logs:CreateLogGroup
1429 - logs:CreateLogStream
1430 - logs:PutLogEvents
1431 Effect: Allow
1432 Resource:
1433 - Fn::Join:
1434 - ""
1435 - - "arn:"
1436 - Ref: AWS::Partition
1437 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1438 - Ref: ReleaseCDN3298D932
1439 - Fn::Join:
1440 - ""
1441 - - "arn:"
1442 - Ref: AWS::Partition
1443 - :logs:us-east-1:413025517373:log-group:/aws/codebuild/
1444 - Ref: ReleaseCDN3298D932
1445 - :*
1446 - Action:
1447 - codebuild:CreateReportGroup
1448 - codebuild:CreateReport
1449 - codebuild:UpdateReport
1450 - codebuild:BatchPutTestCases
1451 - codebuild:BatchPutCodeCoverages
1452 Effect: Allow
1453 Resource:
1454 Fn::Join:
1455 - ""
1456 - - "arn:"
1457 - Ref: AWS::Partition
1458 - :codebuild:us-east-1:413025517373:report-group/
1459 - Ref: ReleaseCDN3298D932
1460 - -*
1461 - Action:
1462 - s3:GetObject*
1463 - s3:GetBucket*
1464 - s3:List*
1465 Effect: Allow
1466 Resource:
1467 - Fn::GetAtt:
1468 - PipelineArtifactsBucket22248F97
1469 - Arn
1470 - Fn::Join:
1471 - ""
1472 - - Fn::GetAtt:
1473 - PipelineArtifactsBucket22248F97
1474 - Arn
1475 - /*
1476 - Action:
1477 - kms:Decrypt
1478 - kms:DescribeKey
1479 Effect: Allow
1480 Resource:
1481 Fn::GetAtt:
1482 - PipelineArtifactsBucketEncryptionKey01D58D69
1483 - Arn
1484 - Action:
1485 - kms:Decrypt
1486 - kms:Encrypt
1487 - kms:ReEncrypt*
1488 - kms:GenerateDataKey*
1489 Effect: Allow
1490 Resource:
1491 Fn::GetAtt:
1492 - PipelineArtifactsBucketEncryptionKey01D58D69
1493 - Arn
1494 Version: "2012-10-17"
1495 PolicyName: ReleaseCDNRoleDefaultPolicyD35E2C30
1496 Roles:
1497 - Ref: ReleaseCDNRole92836511
1498 Metadata:
1499 aws:cdk:path: plants-pipeline/ReleaseCDNRole/DefaultPolicy/Resource
1500 ReleaseCDN3298D932:
1501 Type: AWS::CodeBuild::Project
1502 Properties:
1503 Artifacts:
1504 Type: CODEPIPELINE
1505 Environment:
1506 ComputeType: BUILD_GENERAL1_SMALL
1507 EnvironmentVariables:
1508 - Name: SSM_NAMESPACE
1509 Type: PLAINTEXT
1510 Value: plants
1511 Image: aws/codebuild/standard:1.0
1512 ImagePullCredentialsType: CODEBUILD
1513 PrivilegedMode: false
1514 Type: LINUX_CONTAINER
1515 ServiceRole:
1516 Fn::GetAtt:
1517 - ReleaseCDNRole92836511
1518 - Arn
1519 Source:
1520 BuildSpec: ./aws/buildspecs/release.yml
1521 Type: CODEPIPELINE
1522 EncryptionKey:
1523 Fn::GetAtt:
1524 - PipelineArtifactsBucketEncryptionKey01D58D69
1525 - Arn
1526 Name: CDN
1527 Metadata:
1528 aws:cdk:path: plants-pipeline/ReleaseCDN/Resource
1529 CDKMetadata:
1530 Type: AWS::CDK::Metadata
1531 Properties:
1532 Analytics: v2:deflate64:H4sIAAAAAAAAE01QQW7DIBB8S++ENEpaqbcmPuZiuYecCd62azAbsdCoQvy9Brt1TzPDDswsO/nyLB8fXtWdN7o326TJg0xvQWkjGnIcfNRBNO+uA6boNWRRvIn3Mp2iNlCHC5uhJYv6ez2edRbMY3nZo/tolVcjBPDF9Sey0NTDDW9g0U0t2oVV0z9+gesnkcnCjCzTGWpWgaNFxUVUkgWqKbEjW29VXLv9tiqR14i2X/NaTwPMWy805yzcZJQDb792T/Iw/dnAiBsfXcARZDfjD/74T0JPAQAA
1533 Metadata:
1534 aws:cdk:path: plants-pipeline/CDKMetadata/Default
1535
1536