AWSTemplateFormatVersion: '2010-09-09'
Description: Dependencies for CloudFormatious tests.
Resources:
Policy:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: Grants the permissions needed to run CloudFormatious integration tests.
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: CloudFormationStackOperations
Effect: Allow
Action:
- cloudformation:CreateChangeSet
- cloudformation:DeleteStack
- cloudformation:DescribeChangeSet
- cloudformation:DescribeStackEvents
- cloudformation:DescribeStacks
- cloudformation:ExecuteChangeSet
Resource: arn:aws:cloudformation:*:*:stack/cloudformatious-testing-*
- Sid: CreateSubnet
Effect: Allow
Action:
- ec2:CreateSubnet
Resource:
- !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:vpc/${Vpc}
- !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:subnet/*
- Sid: SubnetOperations1
Effect: Allow
Action:
- ec2:DeleteSubnet
Resource: '*'
Condition:
StringEquals:
ec2:Vpc: !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:vpc/${Vpc}
- Sid: SubnetOperations2
Effect: Allow
Action:
- ec2:CreateTags
- ec2:DescribeSubnets
Resource: '*' - Sid: SecretsManagerOperations
Effect: Allow
Action:
- secretsmanager:CreateSecret
- secretsmanager:DeleteSecret
- secretsmanager:TagResource
Resource: !Sub arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:cloudformatious-testing-*
- Sid: DecodeAuthorizationMessage
Effect: Allow
Action:
- sts:DecodeAuthorizationMessage
Resource: '*'
Vpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/24
Tags:
- Key: Name
Value: !Ref AWS::StackName
Outputs:
PolicyArn:
Value: !Ref Policy
VpcId:
Value: !Ref Vpc
Export:
Name: !Sub ${AWS::StackName}-VpcId