squidfunk / terraform-aws-github-ci

[DEPRECATED] Serverless CI for GitHub using AWS CodeBuild with PR and status support

Need to add additional buckets to the codebuild iam role

hussfelt opened this issue · comments

Hey,

I have some needs to push additional resources to another bucket in my build.
Any ideas on how to accomplish that?
If you do - let me know, and I'll implement :)

The codebuild role is exported as an output:

# output.codebuild_service_role_arn
output "codebuild_service_role_arn" {
  value = "${aws_iam_role.codebuild.arn}"
}

You could use it to attach further policies like this:

# aws_iam_policy.codebuild
resource "aws_iam_policy" "codebuild" {
  name   = "${var.namespace}-codebuild"
  path   = "/${var.namespace}/codebuild/"
  policy = "${data.template_file.codebuild_iam_policy.rendered}"
}

# aws_iam_policy_attachment.codebuild
resource "aws_iam_policy_attachment" "codebuild" {
  name       = "${var.namespace}-codebuild"
  policy_arn = "${aws_iam_policy.codebuild.arn}"
  roles      = ["${aws_iam_role.codebuild.id}"]
}

Yeah, I realised that the morning after :-) Thanks again for this beautiful module! 👍🏻🎉
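
The approach suggested in this thread, written out from the caller's side as an added example (not code from the module or from any commenter). It scopes the extra permissions to a single prefix in one bucket. Assumptions: the module is instantiated as `github_ci`, the bucket is named `example-artifacts-bucket`, builds write under `builds/`, and Terraform 0.12+ syntax is used.

```hcl
# Added example; module name, bucket name and prefix are placeholders.

locals {
  # The module exports the role ARN, but policy attachments take the
  # role name, which is the last path segment of the ARN.
  codebuild_role_name = basename(module.github_ci.codebuild_service_role_arn)
}

data "aws_iam_policy_document" "codebuild_extra_bucket" {
  # Object writes limited to one prefix instead of s3:* on the bucket.
  statement {
    sid       = "WriteBuildOutput"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::example-artifacts-bucket/builds/*"]
  }

  # Listing is a bucket-level action; restrict it to the same prefix.
  statement {
    sid       = "ListBuildPrefix"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-artifacts-bucket"]

    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["builds/*"]
    }
  }
}

resource "aws_iam_policy" "codebuild_extra_bucket" {
  name   = "codebuild-extra-bucket"
  policy = data.aws_iam_policy_document.codebuild_extra_bucket.json
}

# aws_iam_role_policy_attachment adds one attachment to the role.
# aws_iam_policy_attachment is exclusive: it manages every attachment
# of the policy and detaches it from users, groups and roles that are
# not listed in the resource.
resource "aws_iam_role_policy_attachment" "codebuild_extra_bucket" {
  role       = local.codebuild_role_name
  policy_arn = aws_iam_policy.codebuild_extra_bucket.arn
}
```

If the bucket has a bucket policy or lives in another account, that policy must also allow the CodeBuild role before the writes succeed.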