Appsync release (#248)

* Add prod hook role --------- Co-authored-by: Eric Beard <ezbeard@amazon.com>
aws-cloudformation · Oct 16, 2023 · 8bff7ae · 8bff7ae
1 parent 136baa9
commit 8bff7ae
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/hooks/AppSync_BreakingChangeDetection/hook-role-prod.yaml b/hooks/AppSync_BreakingChangeDetection/hook-role-prod.yaml
@@ -0,0 +1,33 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: >
+  This CloudFormation template creates a role assumed by CloudFormation
+  during Hook operations on behalf of the customer.
+
+Resources:
+  ExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      MaxSessionDuration: 8400
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - hooks.cloudformation.amazonaws.com
+                - resources.cloudformation.amazonaws.com
+            Action: sts:AssumeRole
+      Path: "/"
+      Policies:
+        - PolicyName: HookTypePolicy
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                - "s3:GetObject"
+                Resource: "*"
+Outputs:
+  ExecutionRoleArn:
+    Value:
+      Fn::GetAtt: ExecutionRole.Arn