Skip to content

Commit 1cc98f5

Browse files
cnfaitcnfait
committed
[sdlf-cicd] bootstrap reusability for data accounts
1 parent a69dac8 commit 1cc98f5

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

sdlf-cicd/template-cicd-generic-git.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,7 @@ Resources:
152152
- !GetAtt rKMSKey.Arn
153153
- Effect: Allow
154154
Action: sts:AssumeRole
155-
Resource: !Sub arn:${AWS::Partition}:iam::${pDataAccountId}:role/sdlf-cicd-codebuild-${AWS::AccountId}-${pCodeBuildSuffix}
155+
Resource: !Sub arn:${AWS::Partition}:iam::*:role/sdlf-cicd-codebuild-${AWS::AccountId}-*
156156

157157
rSdlfBootstrapCodeBuildProject:
158158
Type: AWS::CodeBuild::Project
@@ -370,7 +370,7 @@ Resources:
370370
do
371371
build_id=$(aws codebuild --endpoint-url "$CODEBUILD_ENDPOINT_URL" start-build \
372372
--project-name sdlf-cicd-bootstrap \
373-
--environment-variables-override name=ARTIFACTS_BUCKET,value="$ARTIFACTS_BUCKET" name=TARGET_ACCOUNT,value="$TARGET_ACCOUNT" name=SDLF_CONSTRUCTS,value="$SDLF_CONSTRUCT" name=SDLF_STAGE_CONSTRUCTS,value="" name=DEPLOYMENT_TYPE,value="$DEPLOYMENT_TYPE" \
373+
--environment-variables-override name=TARGET_ACCOUNT_CODEBUILD_ROLE,value="$TARGET_ACCOUNT_CODEBUILD_ROLE" name=ARTIFACTS_BUCKET,value="$ARTIFACTS_BUCKET" name=TARGET_ACCOUNT,value="$TARGET_ACCOUNT" name=SDLF_CONSTRUCTS,value="$SDLF_CONSTRUCT" name=SDLF_STAGE_CONSTRUCTS,value="" name=DEPLOYMENT_TYPE,value="$DEPLOYMENT_TYPE" \
374374
--query "build.id" --output text)
375375
echo "Building $SDLF_CONSTRUCT: $build_id"
376376
build_ids+=("$build_id")
@@ -399,7 +399,7 @@ Resources:
399399
do
400400
build_id=$(aws codebuild --endpoint-url "$CODEBUILD_ENDPOINT_URL" start-build \
401401
--project-name sdlf-cicd-bootstrap \
402-
--environment-variables-override name=ARTIFACTS_BUCKET,value="$ARTIFACTS_BUCKET" name=TARGET_ACCOUNT,value="$TARGET_ACCOUNT" name=SDLF_CONSTRUCTS,value="$SDLF_CONSTRUCT" name=SDLF_STAGE_CONSTRUCTS,value="" name=DEPLOYMENT_TYPE,value="$DEPLOYMENT_TYPE" \
402+
--environment-variables-override name=TARGET_ACCOUNT_CODEBUILD_ROLE,value="$TARGET_ACCOUNT_CODEBUILD_ROLE" name=ARTIFACTS_BUCKET,value="$ARTIFACTS_BUCKET" name=TARGET_ACCOUNT,value="$TARGET_ACCOUNT" name=SDLF_CONSTRUCTS,value="$SDLF_CONSTRUCT" name=SDLF_STAGE_CONSTRUCTS,value="" name=DEPLOYMENT_TYPE,value="$DEPLOYMENT_TYPE" \
403403
--query "build.id" --output text)
404404
echo "Building $SDLF_CONSTRUCT: $build_id"
405405
build_ids+=("$build_id")

0 commit comments

Comments
 (0)