Last active
January 3, 2021 18:34
-
-
Save nelhage/e7ad0687b45ea5cc7ee3cccc4ae4d0a8 to your computer and use it in GitHub Desktop.
Llama CF template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Parameters": { | |
| "ObjectStoreBucket": { | |
| "Type": "String", | |
| "Description": "A pre-existing S3 bucket to use for llama's object store" | |
| }, | |
| "ObjectStorePrefix": { | |
| "Type": "String", | |
| "Description": "A prefix in $ObjectStoreBucket under which to store objects", | |
| "Default": "/", | |
| "AllowedPattern": "[a-zA-Z0-9_/-]*/", | |
| "ConstraintDescription": "must be an S3 path prefix ending with a trailing /" | |
| }, | |
| "ECRRepositoryName": { | |
| "Type": "String", | |
| "Description": "The name for the llama ECR repository", | |
| "Default": "llama", | |
| "AllowedPattern": "(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*", | |
| "ConstraintDescription": "must be a valid ECR repository name" | |
| } | |
| }, | |
| "Resources": { | |
| "LlamaRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "AssumeRolePolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "lambda.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| }, | |
| "Description": "The role used to invoke llama Lambda functions", | |
| "ManagedPolicyArns": [ | |
| "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" | |
| ], | |
| "Policies": [ | |
| { | |
| "PolicyName": "llama-access-object-store", | |
| "PolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "LlamaAccessObjectStore", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:PutObject", | |
| "s3:GetObject", | |
| "s3:ListBucketMultipartUploads", | |
| "s3:ListBucket" | |
| ], | |
| "Resource": [ | |
| { | |
| "Fn::Join": [ | |
| "", | |
| [ | |
| "arn:aws:s3:::", | |
| {"Ref": "ObjectStoreBucket"} | |
| ] | |
| ] | |
| }, | |
| { | |
| "Fn::Join": [ | |
| "", | |
| [ | |
| "arn:aws:s3:::", | |
| {"Ref": "ObjectStoreBucket"}, | |
| "/", | |
| {"Ref": "ObjectStorePrefix"}, | |
| "*" | |
| ] | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "LlamaRegistry": { | |
| "Type": "AWS::ECR::Repository", | |
| "Properties": { | |
| "RepositoryName": {"Ref": "ECRRepositoryName"} | |
| } | |
| }, | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment