Created
April 25, 2019 15:24
-
-
Save eelzinaty/8d013575a02245aafacaf926226a870d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "An auto-generated nested stack.", | |
| "Metadata": {}, | |
| "Parameters": { | |
| "AppSyncApiId": { | |
| "Type": "String", | |
| "Description": "The id of the AppSync API associated with this project." | |
| }, | |
| "AppSyncApiName": { | |
| "Type": "String", | |
| "Description": "The name of the AppSync API", | |
| "Default": "AppSyncSimpleTransform" | |
| }, | |
| "env": { | |
| "Type": "String", | |
| "Description": "The environment name. e.g. Dev, Test, or Production", | |
| "Default": "NONE" | |
| }, | |
| "authRoleName": { | |
| "Type": "String", | |
| "Default": "app-authRole" | |
| } | |
| }, | |
| "Resources": { | |
| "appsyncexecutionpolicy": { | |
| "Type": "AWS::IAM::Policy", | |
| "Properties": { | |
| "PolicyName": { | |
| "Fn::Sub": [ | |
| "appsync-${api}-policy", | |
| { | |
| "api": { | |
| "Ref": "AppSyncApiId" | |
| } | |
| } | |
| ] | |
| }, | |
| "Roles": [ | |
| { | |
| "Ref": "authRoleName" | |
| } | |
| ], | |
| "PolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "customerappsync", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "appsync:GraphQL" | |
| ], | |
| "Resource": [ | |
| { | |
| "Fn::Sub": [ | |
| "arn:aws:appsync:${region}:${account}:apis/${appid}", | |
| { | |
| "region": { | |
| "Ref": "AWS::Region" | |
| }, | |
| "account": { | |
| "Ref": "AWS::AccountId" | |
| }, | |
| "appid": { | |
| "Ref": "AppSyncApiId" | |
| } | |
| } | |
| ] | |
| }, | |
| { | |
| "Fn::Sub": [ | |
| "arn:aws:appsync:${region}:${account}:apis/${appid}/*", | |
| { | |
| "region": { | |
| "Ref": "AWS::Region" | |
| }, | |
| "account": { | |
| "Ref": "AWS::AccountId" | |
| }, | |
| "appid": { | |
| "Ref": "AppSyncApiId" | |
| } | |
| } | |
| ] | |
| }, | |
| { | |
| "Fn::Sub": [ | |
| "arn:aws:appsync:${region}:${account}:apis/${appid}/types/*", | |
| { | |
| "region": { | |
| "Ref": "AWS::Region" | |
| }, | |
| "account": { | |
| "Ref": "AWS::AccountId" | |
| }, | |
| "appid": { | |
| "Ref": "AppSyncApiId" | |
| } | |
| } | |
| ] | |
| }, | |
| { | |
| "Fn::Sub": [ | |
| "arn:aws:appsync:${region}:${account}:apis/${appid}/types/*/fields/*", | |
| { | |
| "region": { | |
| "Ref": "AWS::Region" | |
| }, | |
| "account": { | |
| "Ref": "AWS::AccountId" | |
| }, | |
| "appid": { | |
| "Ref": "AppSyncApiId" | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| }, | |
| "Conditions": { | |
| "HasEnvironmentParameter": { | |
| "Fn::Not": [ | |
| { | |
| "Fn::Equals": [ | |
| { | |
| "Ref": "env" | |
| }, | |
| "NONE" | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| "Outputs": { | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment