Role DSL

Cody can create the IAM service role associated with the codebuild project. Here’s an example:

.cody/role.rb:

iam_policy("logs", "ssm")

For more control, here’s a longer form:

iam_policy(
  action: [
    "logs:CreateLogGroup",
    "logs:CreateLogStream",
    "logs:PutLogEvents",
    "ssm:*",
  ],
  effect: "Allow",
  resource: "*"
)

You can also create managed IAM policy.

managed_iam_policy("AmazonS3ReadOnlyAccess")

You can also add multiple managed IAM policies:

managed_iam_policy("AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess")

Full DSL

The convenience methods merely wrap properties of the AWS::IAM::Role CloudFormation Resource. If you wanted to set the CloudFormation properties more directly, here’s an example of using the “Full” DSL.

.cody/role.rb:

assume_role_policy_document(
  statement: [{
    action: ["sts:AssumeRole"],
    effect: "Allow",
    principal: {
      service: ["codebuild.amazonaws.com"]
    }
  }],
  version: "2012-10-17"
)
path("/")
policies([{
  policy_name: "CodeBuildAccess",
  policy_document: {
    version: "2012-10-17",
    statement: [{
      action: [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
      ],
      effect: "Allow",
      resource: "*"
    }]
  }
}])

Pro tip: Use the <- and -> arrow keys to move back and forward.

Edit this page

See a typo or an error? You can improve this page. This website is available on GitHub, and contributions are encouraged and welcomed. We love pull requests from you!