Last active
May 17, 2017 06:02
-
-
Save Quantium/f106290ae831a047981c to your computer and use it in GitHub Desktop.
CodeDeploy necesary IAM Roles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CodeDeploy Trust Role | |
| This Role is attached to CD Deployment Group or to the CD App when is created. | |
| In the Inline Policies of the Role must be added a Policy called CodeDeployPolicy as follows: | |
| { | |
| "Statement": [ | |
| { | |
| "Resource": [ | |
| "*" | |
| ], | |
| "Action": [ | |
| "ec2:Describe*" | |
| ], | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Resource": [ | |
| "*" | |
| ], | |
| "Action": [ | |
| "autoscaling:CompleteLifecycleAction", | |
| "autoscaling:DeleteLifecycleHook", | |
| "autoscaling:DescribeLifecycleHooks", | |
| "autoscaling:DescribeAutoScalingGroups", | |
| "autoscaling:PutLifecycleHook", | |
| "autoscaling:RecordLifecycleActionHeartbeat" | |
| ], | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Resource": [ | |
| "*" | |
| ], | |
| "Action": [ | |
| "Tag:getResources", | |
| "Tag:getTags", | |
| "Tag:getTagsForResource", | |
| "Tag:getTagsForResourceList" | |
| ], | |
| "Effect": "Allow" | |
| } | |
| ] | |
| } | |
| And the Trust Relationships must be as follows: | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "codedeploy.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CodeDeploy Instance Role | |
| This Role is the one that creates and manage the instences to be deployed. | |
| The instance must be launched with this Role as IAM Role for EC2. | |
| On the Select Role Type page, choose Select next to Amazon EC2. | |
| On the Attach Policy page select PowerUserAccess | |
| In the Inline Policies of the Role must be added a Policy called InstanceRole as follows: | |
| { | |
| "Statement": [ | |
| { | |
| "Resource": "*", | |
| "Action": [ | |
| "autoscaling:Describe*", | |
| "cloudformation:Describe*", | |
| "cloudformation:GetTemplate", | |
| "s3:Get*" | |
| ], | |
| "Effect": "Allow" | |
| } | |
| ] | |
| } | |
| And the Trust Relationships must be as follows: | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "codedeploy.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment