# aws_iam_policy.AWSCodePipelineServiceRole-pipe-eksworkshop-app:
#
# IAM policy created under /service-role/ and, per its description, used with
# CodePipeline. The name is prefixed with the value of the tf-eks-id SSM
# parameter. Which role(s) it is attached to is not visible in this file.
#
# NOTE(review): every statement below uses Resource = "*". Where the service
# supports resource-level permissions (for example the CodeCommit repository,
# CodeBuild project or ECR repository this pipeline uses), scoping Resource to
# those ARNs limits what a compromised pipeline stage can reach.
resource "aws_iam_policy" "AWSCodePipelineServiceRole-pipe-eksworkshop-app" {
  name        = format("%s-AWSCodePipelineServiceRole-pipe-eksworkshop-app", data.aws_ssm_parameter.tf-eks-id.value)
  path        = "/service-role/"
  description = "Policy used in trust relationship with CodePipeline"

  # Attribute order inside the object is cosmetic; statement order and the
  # order of each Action list are kept exactly as in the original document.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      # NOTE(review): PassRole on every role. StringEqualsIfExists also
      # matches when iam:PassedToService is absent from the request context,
      # so the condition narrows the target service only when that key is
      # present. Listing the specific role ARNs in Resource is the tighter
      # control against privilege escalation through role passing.
      {
        Effect = "Allow"
        Action = [
          "iam:PassRole",
        ]
        Resource = "*"
        Condition = {
          StringEqualsIfExists = {
            "iam:PassedToService" = [
              "cloudformation.amazonaws.com",
              "elasticbeanstalk.amazonaws.com",
              "ec2.amazonaws.com",
              "ecs-tasks.amazonaws.com",
            ]
          }
        }
      },

      # Source stage: CodeCommit read and archive upload.
      {
        Effect = "Allow"
        Action = [
          "codecommit:CancelUploadArchive",
          "codecommit:GetBranch",
          "codecommit:GetCommit",
          "codecommit:GetRepository",
          "codecommit:GetUploadArchiveStatus",
          "codecommit:UploadArchive",
        ]
        Resource = "*"
      },

      # CodeDeploy deployments and revisions.
      {
        Effect = "Allow"
        Action = [
          "codedeploy:CreateDeployment",
          "codedeploy:GetApplication",
          "codedeploy:GetApplicationRevision",
          "codedeploy:GetDeployment",
          "codedeploy:GetDeploymentConfig",
          "codedeploy:RegisterApplicationRevision",
        ]
        Resource = "*"
      },

      # Use of CodeStar source connections.
      {
        Effect = "Allow"
        Action = [
          "codestar-connections:UseConnection",
        ]
        Resource = "*"
      },

      # NOTE(review): eleven service-wide wildcards on all resources. This
      # grants full control of EC2, S3, RDS, ECS, CloudFormation and the
      # other listed services account-wide, far more than a single
      # application pipeline normally needs. Replace it with the specific
      # actions and ARNs the pipeline stages actually call. "cloudformation:*"
      # here also makes the explicit cloudformation actions further down
      # redundant.
      {
        Effect = "Allow"
        Action = [
          "elasticbeanstalk:*",
          "ec2:*",
          "elasticloadbalancing:*",
          "autoscaling:*",
          "cloudwatch:*",
          "s3:*",
          "sns:*",
          "cloudformation:*",
          "rds:*",
          "sqs:*",
          "ecs:*",
        ]
        Resource = "*"
      },

      # Lambda invoke actions.
      {
        Effect = "Allow"
        Action = [
          "lambda:InvokeFunction",
          "lambda:ListFunctions",
        ]
        Resource = "*"
      },

      # OpsWorks deployments.
      {
        Effect = "Allow"
        Action = [
          "opsworks:CreateDeployment",
          "opsworks:DescribeApps",
          "opsworks:DescribeCommands",
          "opsworks:DescribeDeployments",
          "opsworks:DescribeInstances",
          "opsworks:DescribeStacks",
          "opsworks:UpdateApp",
          "opsworks:UpdateStack",
        ]
        Resource = "*"
      },

      # CloudFormation stack and change-set operations (already covered by
      # the "cloudformation:*" wildcard above).
      {
        Effect = "Allow"
        Action = [
          "cloudformation:CreateStack",
          "cloudformation:DeleteStack",
          "cloudformation:DescribeStacks",
          "cloudformation:UpdateStack",
          "cloudformation:CreateChangeSet",
          "cloudformation:DeleteChangeSet",
          "cloudformation:DescribeChangeSet",
          "cloudformation:ExecuteChangeSet",
          "cloudformation:SetStackPolicy",
          "cloudformation:ValidateTemplate",
        ]
        Resource = "*"
      },

      # CodeBuild builds and batch builds.
      {
        Effect = "Allow"
        Action = [
          "codebuild:BatchGetBuilds",
          "codebuild:StartBuild",
          "codebuild:BatchGetBuildBatches",
          "codebuild:StartBuildBatch",
        ]
        Resource = "*"
      },

      # Device Farm test runs.
      {
        Effect = "Allow"
        Action = [
          "devicefarm:ListProjects",
          "devicefarm:ListDevicePools",
          "devicefarm:GetRun",
          "devicefarm:GetUpload",
          "devicefarm:CreateUpload",
          "devicefarm:ScheduleRun",
        ]
        Resource = "*"
      },

      # Service Catalog provisioning artifacts.
      {
        Effect = "Allow"
        Action = [
          "servicecatalog:ListProvisioningArtifacts",
          "servicecatalog:CreateProvisioningArtifact",
          "servicecatalog:DescribeProvisioningArtifact",
          "servicecatalog:DeleteProvisioningArtifact",
          "servicecatalog:UpdateProduct",
        ]
        Resource = "*"
      },

      # Duplicate of an action already granted twice above; kept so the
      # rendered document matches the original.
      {
        Effect = "Allow"
        Action = [
          "cloudformation:ValidateTemplate",
        ]
        Resource = "*"
      },

      # ECR image metadata lookup.
      {
        Effect = "Allow"
        Action = [
          "ecr:DescribeImages",
        ]
        Resource = "*"
      },

      # Step Functions executions.
      {
        Effect = "Allow"
        Action = [
          "states:DescribeExecution",
          "states:DescribeStateMachine",
          "states:StartExecution",
        ]
        Resource = "*"
      },

      # AppConfig deployments.
      {
        Effect = "Allow"
        Action = [
          "appconfig:StartDeployment",
          "appconfig:StopDeployment",
          "appconfig:GetDeployment",
        ]
        Resource = "*"
      },
    ]
  })
}