Created
October 8, 2018 14:40
-
-
Save mlafeldt/96193a8cf50fd8314c3f197e7902806b to your computer and use it in GitHub Desktop.
CloudFormation stack for Epsagon to provide monitoring
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: CloudFormation stack for Epsagon to provide monitoring. | |
| Resources: | |
| EpsagonRole: | |
| Type: 'AWS::IAM::Role' | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Version: 2012-10-17 | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| AWS: | |
| - !Join | |
| - ':' | |
| - - 'arn:aws:iam:' | |
| - !Ref AWSAccount | |
| - root | |
| Action: | |
| - 'sts:AssumeRole' | |
| Condition: | |
| StringEquals: | |
| 'sts:ExternalId': !Ref ExternalId | |
| Path: / | |
| RoleName: EpsagonRole | |
| Policies: | |
| - PolicyName: epsagon-policy | |
| PolicyDocument: | |
| Version: 2012-10-17 | |
| Statement: | |
| - Effect: Allow | |
| Action: 'logs:PutSubscriptionFilter' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'logs:DescribeSubscriptionFilters' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'logs:DeleteSubscriptionFilter' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'logs:FilterLogEvents' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'logs:DescribeLogStreams' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'logs:DescribeLogGroups' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'lambda:List*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'lambda:Get*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'batch:Describe*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'xray:Get*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'xray:BatchGet*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'apigateway:GET' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'apigateway:HEAD' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'apigateway:OPTIONS' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'states:List*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'states:Get*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: 'states:Describe*' | |
| Resource: '*' | |
| Parameters: | |
| ExternalId: | |
| Description: The external ID for the Epsagon role | |
| Type: String | |
| AWSAccount: | |
| Description: The Epsagon AWS account | |
| Type: String | |
| AllowedPattern: '[0-9]*' | |
| ConstraintDescription: must be a valid AWS Account ID. | |
| Outputs: | |
| EpsagonRoleArn: | |
| Description: The ARN for the Epsagon role | |
| Value: !GetAtt | |
| - EpsagonRole | |
| - Arn | |
| EpsagonRoleExternalId: | |
| Description: The external ID for the Epsagon role | |
| Value: !Ref ExternalId |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment