Skip to content

Commit

Permalink
Use inline policy to allow assuming cdk* roles
Browse files Browse the repository at this point in the history
  • Loading branch information
@xschildw
xschildw committed Nov 11, 2024
1 parent e19a8ce commit f16de2c
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions org-formation/650-identity-providers/_tasks.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -836,8 +836,18 @@ GithubOidcNbConvertDeploy:
ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
ProviderRoleName: !Sub ${resourcePrefix}-${appName}-nbconvert-deploy
MaxSessionDuration: 7200
ManagedPolicyArns:
- "arn:aws:iam::${AWS::AccountId}:policy/cdk-assume-role-policy"
PolicyDocument: !Sub |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AssumeRoleStatement",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::${AWS::AccountId}:role/cdk-*-role-*-us-east-1"
}
]
}
TemplatingContext:
GitHubOrg: "Sage-Bionetworks"
Repositories:
Expand Down

0 comments on commit f16de2c

Please sign in to comment.