Roles
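# CloudFormation resources that publish to an SNS topic when a CodeBuild
# project's build succeeds or fails.
#
# Two values are referenced but not defined in this section; declare them as
# template parameters or replace them with literals:
#   SnsTopicArn          - ARN of the SNS topic that receives the notification
#   CodeBuildProjectName - name of the CodeBuild project to watch
Resources:
  # IAM role assumable by EventBridge (events.amazonaws.com). Its only
  # permission is sns:Publish on the single notification topic.
  # NOTE(review): the trust policy carries no aws:SourceAccount or
  # aws:SourceArn condition. Scoping the trust to this account (and ideally to
  # this rule) is the usual confused-deputy guard; confirm delivery still works
  # after adding it.
  # NOTE(review): a fixed RoleName requires CAPABILITY_NAMED_IAM and collides
  # if the template is deployed twice in one account, because IAM role names
  # are unique per account.
  CodeBuildEventRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: "CodeBuildEventRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "events.amazonaws.com"
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: "CodeBuildEventPolicy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: "sns:Publish"
                Resource: !Ref SnsTopicArn  # Replace with ARN of SNS topic

  # IAM role assumable by the SNS service principal, allowed to publish to the
  # same topic.
  # NOTE(review): nothing in this section references this role. If no other
  # stack depends on it, removing it avoids an unused standing permission.
  SnsTopicRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: "SnsTopicRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "sns.amazonaws.com"
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: "SnsTopicPolicy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: "sns:Publish"
                Resource: !Ref SnsTopicArn  # Replace with ARN of SNS topic

  # EventBridge (CloudWatch Events) rule: forwards terminal build states of
  # one CodeBuild project to the SNS topic.
  CodeBuildEventRule:
    Type: "AWS::Events::Rule"
    Properties:
      Name: "CodeBuildEventRule"
      Description: "Trigger SNS topic when CodeBuild succeeds or fails"
      EventPattern:
        source:
          - "aws.codebuild"
        detail-type:
          - "CodeBuild Build State Change"
        detail:
          build-status:
            - "SUCCEEDED"
            - "FAILED"
          # Select the project through detail.project-name. The event's
          # top-level "resources" field holds the build ARN
          # (...:build/<project>:<build-id>), so the previous exact match
          # against the project ARN (...:project/<name>) never matched and the
          # rule never fired.
          project-name:
            - !Ref CodeBuildProjectName
      Targets:
        # Publishing to an SNS target is authorized by the topic's own access
        # policy, which must allow events.amazonaws.com to sns:Publish. This
        # section does not create that policy; verify it exists on the topic,
        # scoped to this rule or account.
        # NOTE(review): confirm RoleArn is honoured for SNS targets in your
        # environment; if not, the topic policy alone governs delivery.
        - Id: "Target1"
          Arn: !Ref SnsTopicArn  # Replace with ARN of SNS topic
          RoleArn: !GetAtt CodeBuildEventRole.Arn  # Use CodeBuildEventRole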