
comment out prod policy example
sg committed Jun 24, 2024
1 parent 000e3fc commit 5c27f3d
Showing 1 changed file with 17 additions and 17 deletions.
34 changes: 17 additions & 17 deletions lib/github-actions-policy-stack.ts
Expand Up @@ -9,18 +9,18 @@ export class GithubActionsPolicyStack extends cdk.Stack {
// Read the ENVIRONMENT variable from Github Actions Runner
const environment= process.env.ENVIRONMENT;

// Example fine grained policy for prod environment
const prodPolicy = new PolicyStatement({
actions: [
"cloudformation:*",
"s3:*",
"iam:*",
"ssm:*"
],
resources: ['*'],
effect: Effect.ALLOW,
sid: 'ProdPolicyGithubActions'
})
// // Example: fine-grained policy for prod environment
// const prodPolicy = new PolicyStatement({
// actions: [
// "cloudformation:*",
// "s3:*",
// "iam:*",
// "ssm:*"
// ],
// resources: ['*'],
// effect: Effect.ALLOW,
// sid: 'ProdPolicyGithubActions'
// })

// If ENVIRONMENT variable is not set, add 'AdministratorAccess' policy to role
// Needed for bootstrapping the environment of each AWS account
Expand All @@ -34,10 +34,10 @@ export class GithubActionsPolicyStack extends cdk.Stack {
role.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));
}

// if prod environment, add correct policy to role.
if (environment === 'prod') {
// Uses the custom prodPolicy set above.
role.addToPrincipalPolicy(prodPolicy);
}
// // Example: if prod environment, used fine-grained prod policy
// if (environment === 'prod') {
// // Uses the custom prodPolicy set above.
// role.addToPrincipalPolicy(prodPolicy);
//}
}
}
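Review bot: With the prod branch at lines 54–58 commented out, a runner whose ENVIRONMENT is set to any value — including 'prod' — now leaves the role with no policy attached, and nothing in the new code makes that outcome visible; the only active path left is the AdministratorAccess attachment above it, whose guarding condition sits outside the hunk (the comment says it fires when the variable is unset). If deny-by-default for a set ENVIRONMENT is the intent, say so next to the admin branch, e.g. `// Any other ENVIRONMENT value currently gets no policy — prod policy example is commented out below`; otherwise fail synth explicitly, e.g. `} else { throw new Error(\`No policy configured for ENVIRONMENT=${environment}\`); }`, assuming the admin attachment is the body of an if on the unset variable as its comment states. Two small style points in the same hunk: the comment on line 54 reads "used fine-grained" where "use fine-grained" is meant, and the closing `//}` on line 58 should be `// }` to match the `// })` on line 41. The constructor of GithubActionsPolicyStack begins before the first hunk.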
