Last active
September 15, 2017 11:29
Revisions
-
mattbryson revised this gist
Sep 15, 2017 . 1 changed file with 1 addition and 1 deletion.
@@ -1,6 +1,6 @@ # An IAM Policy to Automate Deployments to Elastic Beanstalk Recently our automated deployments to EB started failing as AWS had changed the IAM policy requirements. After having updated the policy, I thought it might be useful to share the set up. We use CodeShip as our CI/CD server and this is the IAM policy required to allow it to deploy to EB. -
mattbryson revised this gist
Sep 15, 2017 . 1 changed file with 2 additions and 2 deletions.
@@ -1,4 +1,4 @@ # An IAM Policy to Automate Deployments to Elastic Beanstalk Recently our automated deployments to EB started failing as AWS had changed the policy IAM requirements. After having updated the policy, I thought it might be useful to share the set up. @@ -9,7 +9,7 @@ We use CodeShip as our CI/CD server and this is the IAM policy required to allow This policy sets the minimum requirements that will allow an IAM account to successfully deploy an EB app. # The Policy Where: - {REGION} is your application region -
mattbryson revised this gist
Sep 15, 2017 . No changes.
-
mattbryson renamed this gist
Sep 15, 2017 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
mattbryson created this gist
Sep 15, 2017 .
@@ -0,0 +1,119 @@ #An IAM Policy to Automate Deployments to Elastic Beanstalk Recently our automated deployments to EB started failing as AWS had changed the policy IAM requirements. After having updated the policy, I thought it might be useful to share the set up. We use CodeShip as our CI/CD server and this is the IAM policy required to allow it to deploy to EB. This policy sets the minimum requirements that will allow an IAM account to successfully deploy an EB app. #The Policy Where: - {REGION} is your application region - {ACCOUNT_ID} is you account id ```json { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateApplicationVersion", "elasticbeanstalk:DescribeEnvironments", "elasticbeanstalk:DescribeApplicationVersions", "elasticbeanstalk:DeleteApplicationVersion", "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "sns:CreateTopic", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", "sns:Subscribe" ], "Effect": "Allow", "Resource": "arn:aws:sns:{REGION}:{ACCOUNT_ID}:*" }, { "Action": [ "autoscaling:SuspendProcesses", "autoscaling:DescribeScalingActivities", "autoscaling:ResumeProcesses", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudformation:GetTemplate", "cloudformation:DescribeStackResource", "cloudformation:UpdateStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:CancelUpdateStack", "cloudformation:DescribeStackResources", "cloudformation:ListStackResources" ], "Effect": "Allow", "Resource": "arn:aws:cloudformation:{REGION}:{ACCOUNT_ID}:*" }, { "Action": [ "ec2:DescribeImages", "ec2:DescribeKeyPairs", "ec2:DescribeAddresses" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:GetObjectAcl", "s3:ListBucket", "s3:DeleteObject", "s3:GetBucketPolicy", "s3:Get*" ], "Effect": "Allow", 
"Resource": [ "arn:aws:s3:::elasticbeanstalk-{REGION}-{ACCOUNT_ID}", "arn:aws:s3:::elasticbeanstalk-{REGION}-{ACCOUNT_ID}/*" ] }, { "Action": "s3:Get*", "Effect": "Allow", "Resource": "arn:aws:s3:::elasticbeanstalk-*/*" }, { "Action": [ "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "rds:DescribeOrderableDBInstanceOptions", "rds:DescribeDBInstances", "rds:DescribeDBEngineVersions" ], "Effect": "Allow", "Resource": "*" } ] } ```
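Review bot: Several state-changing actions in this policy are granted on `"Resource": "*"` (`elasticbeanstalk:UpdateEnvironment` and `elasticbeanstalk:DeleteApplicationVersion` in the first statement, `autoscaling:SuspendProcesses` and the two `elasticloadbalancing:*Instances*LoadBalancer` actions further down), so the CI key can act on every environment in the account, which is wider than the "minimum requirements" the text promises. Consider moving the mutating Elastic Beanstalk actions into their own statement scoped to the deployed app, e.g. `UpdateEnvironment` on `"arn:aws:elasticbeanstalk:{REGION}:{ACCOUNT_ID}:environment/{APP_NAME}/{ENV_NAME}"` (placeholders in the gist's own style), and narrowing `cloudformation:UpdateStack` from `...:{ACCOUNT_ID}:*` to the Beanstalk-managed stacks (as far as I know these are named `awseb-…`, so `stack/awseb-*`; confirm against your account). The `ec2` and `autoscaling` Describe calls do not take resource-level restrictions and can stay on `*`. In the S3 statement, `"s3:Get*"` already subsumes the explicit `s3:GetObject`, `s3:GetObjectAcl` and `s3:GetBucketPolicy` entries, and `s3:PutObjectAcl` lets the deploy key change ACLs on objects in the deployment bucket, so it is worth confirming the deploy fails without it before keeping it. The separate `arn:aws:s3:::elasticbeanstalk-*/*` grant is presumably there for AWS-owned platform buckets, but it also matches the account's Beanstalk buckets in every other region; a short comment in the prose saying why it is needed would help readers who copy the policy.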