@@ -230,6 +230,395 @@ Object {
230230}
231231`
232232
233+ exports [` The GuInstanceRole construct should be possible to create multiple instance roles in a single stack 1` = `
234+ Object {
235+ " Parameters" Object {
236+ " DistributionBucketName" Object {
237+ " Default" " /account/services/artifact.bucket"
238+ " Description" " SSM parameter containing the S3 bucket name holding distribution artifacts"
239+ " Type" " AWS::SSM::Parameter::Value<String>"
240+ },
241+ " LoggingStreamName" Object {
242+ " Default" " /account/services/logging.stream.name"
243+ " Description" " SSM parameter containing the Name (not ARN) on the kinesis stream"
244+ " Type" " AWS::SSM::Parameter::Value<String>"
245+ },
246+ " Stage" Object {
247+ " AllowedValues" Array [
248+ " CODE"
249+ " PROD"
250+ ],
251+ " Default" " CODE"
252+ " Description" " Stage name"
253+ " Type" " String"
254+ },
255+ },
256+ " Resources" Object {
257+ " DescribeEC2PolicyFF5F9295" Object {
258+ " Properties" Object {
259+ " PolicyDocument" Object {
260+ " Statement" Array [
261+ Object {
262+ " Action" Array [
263+ " autoscaling:DescribeAutoScalingInstances"
264+ " autoscaling:DescribeAutoScalingGroups"
265+ " ec2:DescribeTags"
266+ " ec2:DescribeInstances"
267+ ],
268+ " Effect" " Allow"
269+ " Resource" " *"
270+ },
271+ ],
272+ " Version" " 2012-10-17"
273+ },
274+ " PolicyName" " describe-ec2-policy"
275+ " Roles" Array [
276+ Object {
277+ " Ref" " InstanceRoleMy-first-app"
278+ },
279+ Object {
280+ " Ref" " InstanceRoleMy-second-app"
281+ },
282+ ],
283+ },
284+ " Type" " AWS::IAM::Policy"
285+ },
286+ " GetDistributablePolicyMyfirstapp9CD90B92" Object {
287+ " Properties" Object {
288+ " PolicyDocument" Object {
289+ " Statement" Array [
290+ Object {
291+ " Action" " s3:GetObject"
292+ " Effect" " Allow"
293+ " Resource" Object {
294+ " Fn::Join" Array [
295+ " "
296+ Array [
297+ " arn:aws:s3:::"
298+ Object {
299+ " Ref" " DistributionBucketName"
300+ },
301+ " /test-stack/"
302+ Object {
303+ " Ref" " Stage"
304+ },
305+ " /my-first-app/*"
306+ ],
307+ ],
308+ },
309+ },
310+ ],
311+ " Version" " 2012-10-17"
312+ },
313+ " PolicyName" " GetDistributablePolicyMyfirstapp9CD90B92"
314+ " Roles" Array [
315+ Object {
316+ " Ref" " InstanceRoleMy-first-app"
317+ },
318+ ],
319+ },
320+ " Type" " AWS::IAM::Policy"
321+ },
322+ " GetDistributablePolicyMysecondappA8D9FE69" Object {
323+ " Properties" Object {
324+ " PolicyDocument" Object {
325+ " Statement" Array [
326+ Object {
327+ " Action" " s3:GetObject"
328+ " Effect" " Allow"
329+ " Resource" Object {
330+ " Fn::Join" Array [
331+ " "
332+ Array [
333+ " arn:aws:s3:::"
334+ Object {
335+ " Ref" " DistributionBucketName"
336+ },
337+ " /test-stack/"
338+ Object {
339+ " Ref" " Stage"
340+ },
341+ " /my-second-app/*"
342+ ],
343+ ],
344+ },
345+ },
346+ ],
347+ " Version" " 2012-10-17"
348+ },
349+ " PolicyName" " GetDistributablePolicyMysecondappA8D9FE69"
350+ " Roles" Array [
351+ Object {
352+ " Ref" " InstanceRoleMy-second-app"
353+ },
354+ ],
355+ },
356+ " Type" " AWS::IAM::Policy"
357+ },
358+ " GuLogShippingPolicy981BFE5A" Object {
359+ " Properties" Object {
360+ " PolicyDocument" Object {
361+ " Statement" Array [
362+ Object {
363+ " Action" Array [
364+ " kinesis:Describe*"
365+ " kinesis:Put*"
366+ ],
367+ " Effect" " Allow"
368+ " Resource" Object {
369+ " Fn::Join" Array [
370+ " "
371+ Array [
372+ " arn:aws:kinesis:"
373+ Object {
374+ " Ref" " AWS::Region"
375+ },
376+ " :"
377+ Object {
378+ " Ref" " AWS::AccountId"
379+ },
380+ " :stream/"
381+ Object {
382+ " Ref" " LoggingStreamName"
383+ },
384+ ],
385+ ],
386+ },
387+ },
388+ ],
389+ " Version" " 2012-10-17"
390+ },
391+ " PolicyName" " GuLogShippingPolicy981BFE5A"
392+ " Roles" Array [
393+ Object {
394+ " Ref" " InstanceRoleMy-first-app"
395+ },
396+ Object {
397+ " Ref" " InstanceRoleMy-second-app"
398+ },
399+ ],
400+ },
401+ " Type" " AWS::IAM::Policy"
402+ },
403+ " InstanceRoleMy-first-app" Object {
404+ " Properties" Object {
405+ " AssumeRolePolicyDocument" Object {
406+ " Statement" Array [
407+ Object {
408+ " Action" " sts:AssumeRole"
409+ " Effect" " Allow"
410+ " Principal" Object {
411+ " Service" Object {
412+ " Fn::Join" Array [
413+ " "
414+ Array [
415+ " ec2."
416+ Object {
417+ " Ref" " AWS::URLSuffix"
418+ },
419+ ],
420+ ],
421+ },
422+ },
423+ },
424+ ],
425+ " Version" " 2012-10-17"
426+ },
427+ " Path" " /"
428+ " Tags" Array [
429+ Object {
430+ " Key" " App"
431+ " Value" " my-first-app"
432+ },
433+ Object {
434+ " Key" " gu:cdk:version"
435+ " Value" " TEST"
436+ },
437+ Object {
438+ " Key" " Stack"
439+ " Value" " test-stack"
440+ },
441+ Object {
442+ " Key" " Stage"
443+ " Value" Object {
444+ " Ref" " Stage"
445+ },
446+ },
447+ ],
448+ },
449+ " Type" " AWS::IAM::Role"
450+ },
451+ " InstanceRoleMy-second-app" Object {
452+ " Properties" Object {
453+ " AssumeRolePolicyDocument" Object {
454+ " Statement" Array [
455+ Object {
456+ " Action" " sts:AssumeRole"
457+ " Effect" " Allow"
458+ " Principal" Object {
459+ " Service" Object {
460+ " Fn::Join" Array [
461+ " "
462+ Array [
463+ " ec2."
464+ Object {
465+ " Ref" " AWS::URLSuffix"
466+ },
467+ ],
468+ ],
469+ },
470+ },
471+ },
472+ ],
473+ " Version" " 2012-10-17"
474+ },
475+ " Path" " /"
476+ " Tags" Array [
477+ Object {
478+ " Key" " App"
479+ " Value" " my-second-app"
480+ },
481+ Object {
482+ " Key" " gu:cdk:version"
483+ " Value" " TEST"
484+ },
485+ Object {
486+ " Key" " Stack"
487+ " Value" " test-stack"
488+ },
489+ Object {
490+ " Key" " Stage"
491+ " Value" Object {
492+ " Ref" " Stage"
493+ },
494+ },
495+ ],
496+ },
497+ " Type" " AWS::IAM::Role"
498+ },
499+ " ParameterStoreReadMyfirstappBCF3BB3A" Object {
500+ " Properties" Object {
501+ " PolicyDocument" Object {
502+ " Statement" Array [
503+ Object {
504+ " Action" " ssm:GetParametersByPath"
505+ " Effect" " Allow"
506+ " Resource" Object {
507+ " Fn::Join" Array [
508+ " "
509+ Array [
510+ " arn:aws:ssm:"
511+ Object {
512+ " Ref" " AWS::Region"
513+ },
514+ " :"
515+ Object {
516+ " Ref" " AWS::AccountId"
517+ },
518+ " :parameter/"
519+ Object {
520+ " Ref" " Stage"
521+ },
522+ " /test-stack/my-first-app"
523+ ],
524+ ],
525+ },
526+ },
527+ ],
528+ " Version" " 2012-10-17"
529+ },
530+ " PolicyName" " parameter-store-read-policy"
531+ " Roles" Array [
532+ Object {
533+ " Ref" " InstanceRoleMy-first-app"
534+ },
535+ ],
536+ },
537+ " Type" " AWS::IAM::Policy"
538+ },
539+ " ParameterStoreReadMysecondapp7B80ABE2" Object {
540+ " Properties" Object {
541+ " PolicyDocument" Object {
542+ " Statement" Array [
543+ Object {
544+ " Action" " ssm:GetParametersByPath"
545+ " Effect" " Allow"
546+ " Resource" Object {
547+ " Fn::Join" Array [
548+ " "
549+ Array [
550+ " arn:aws:ssm:"
551+ Object {
552+ " Ref" " AWS::Region"
553+ },
554+ " :"
555+ Object {
556+ " Ref" " AWS::AccountId"
557+ },
558+ " :parameter/"
559+ Object {
560+ " Ref" " Stage"
561+ },
562+ " /test-stack/my-second-app"
563+ ],
564+ ],
565+ },
566+ },
567+ ],
568+ " Version" " 2012-10-17"
569+ },
570+ " PolicyName" " parameter-store-read-policy"
571+ " Roles" Array [
572+ Object {
573+ " Ref" " InstanceRoleMy-second-app"
574+ },
575+ ],
576+ },
577+ " Type" " AWS::IAM::Policy"
578+ },
579+ " SSMRunCommandPolicy244E1613" Object {
580+ " Properties" Object {
581+ " PolicyDocument" Object {
582+ " Statement" Array [
583+ Object {
584+ " Action" Array [
585+ " ec2messages:AcknowledgeMessage"
586+ " ec2messages:DeleteMessage"
587+ " ec2messages:FailMessage"
588+ " ec2messages:GetEndpoint"
589+ " ec2messages:GetMessages"
590+ " ec2messages:SendReply"
591+ " ssm:UpdateInstanceInformation"
592+ " ssm:ListInstanceAssociations"
593+ " ssm:DescribeInstanceProperties"
594+ " ssm:DescribeDocumentParameters"
595+ " ssmmessages:CreateControlChannel"
596+ " ssmmessages:CreateDataChannel"
597+ " ssmmessages:OpenControlChannel"
598+ " ssmmessages:OpenDataChannel"
599+ ],
600+ " Effect" " Allow"
601+ " Resource" " *"
602+ },
603+ ],
604+ " Version" " 2012-10-17"
605+ },
606+ " PolicyName" " ssm-run-command-policy"
607+ " Roles" Array [
608+ Object {
609+ " Ref" " InstanceRoleMy-first-app"
610+ },
611+ Object {
612+ " Ref" " InstanceRoleMy-second-app"
613+ },
614+ ],
615+ },
616+ " Type" " AWS::IAM::Policy"
617+ },
618+ },
619+ }
620+ `
621+
233622exports [` The GuInstanceRole construct should create an additional logging policy if logging stream is specified 1` = `
234623Object {
235624 " Parameters" Object {
0 commit comments