Posted to commits@jspwiki.apache.org by ju...@apache.org on 2021/03/09 21:15:07 UTC

[jspwiki] 06/07: Added IAM role stack

This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit 971d77b31809547bab97f19d3d9cb36c100bb7fc
Author: Julien Masnada <ro...@gmail.com>
AuthorDate: Mon Mar 1 09:20:22 2021 +0100

    Added IAM role stack
---
 .../cloudformation/jspwiki-iam-role.yaml           | 67 ++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/jspwiki-kendra-searchprovider/cloudformation/jspwiki-iam-role.yaml b/jspwiki-kendra-searchprovider/cloudformation/jspwiki-iam-role.yaml
new file mode 100644
index 0000000..1eb60b4
--- /dev/null
+++ b/jspwiki-kendra-searchprovider/cloudformation/jspwiki-iam-role.yaml
@@ -0,0 +1,67 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: >
+  Create an IAM Role that allows that can be attached to an EC2 Instance Profile in order to access a Kendra Index
+Metadata:
+
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: Parameters related to the Kendra Index and DataSource
+        Parameters:
+          - IndexName
+          - DataSourceName
+    ParameterLabels:
+      IndexName:
+        default: "The Kendra Index's Name"
+      DataSourceName:
+        default: "The Kendra DataSource's Name"
+
+Parameters:
+
+  IndexName:
+    Description: "The name of the Kendra Index to create"
+    Type: String
+    Default: "JSPWikiIndex"
+
+  DataSourceName:
+    Description: "The name of the Kendra DataSource to create"
+    Type: String
+    Default: "JSPWikiDataSource"
+    
+Resources:
+
+  JSPWikiRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: "Allow"
+            Principal:
+              Service:
+                - ec2.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      Path: "/"
+      Policies:
+        - PolicyName: AllowJSPWikiAccessToKendra
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Sid: AllowAccessToListOfIndices
+                Effect: Allow
+                Action:
+                  - kendra:ListIndices
+                Resource: "*"
+              - Sid: AllowAccessToJSPWikiIndex
+                Effect: Allow
+                Action:
+                  - kendra:Query
+                  - kendra:StopDataSourceSyncJob
+                  - kendra:BatchPutDocument
+                  - kendra:StartDataSourceSyncJob
+                  - kendra:ListDataSources
+                  - kendra:BatchDeleteDocument
+                Resource: 
+                  - Fn::Sub: "arn:${AWS::Partition}:kendra:${AWS::Region}:${AWS::AccountId}:index/${IndexName}"
+                  - Fn::Sub: "arn:${AWS::Partition}:kendra:${AWS::Region}:${AWS::AccountId}:index/${IndexName}/data-source/${DataSourceName}"
\ No newline at end of file
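Review bot: The two `Resource` ARNs at the end of `AllowAccessToJSPWikiIndex` are built from `IndexName` and `DataSourceName`, but Kendra resource ARNs are, as far as I know, keyed by the generated index and data-source IDs rather than by display names, so with the defaults this statement would likely match nothing and the role could only call `kendra:ListIndices`. The parameters are also substituted into the ARNs without any constraint, so a value containing `*` would silently widen the grant; an `AllowedPattern` keeps the policy scoped to a single index. I would take the IDs as parameters (the rename needs the matching change in `ParameterGroups` and `ParameterLabels`) and reword the descriptions, which say "to create" although this stack only creates the role. Separately, `Version: 2012-10-17` is unquoted in both policy documents and a generic YAML 1.1 loader reads it as a date; `Version: "2012-10-17"` matches how `AWSTemplateFormatVersion` is written.

```yaml
Parameters:

  IndexId:
    Description: "The ID of the existing Kendra Index the role may access"
    Type: String
    # Constructed pattern; align it with the ID format Kendra documents.
    AllowedPattern: "[a-zA-Z0-9][a-zA-Z0-9-]*"

  DataSourceId:
    Description: "The ID of the existing Kendra DataSource the role may sync"
    Type: String
    # Constructed pattern; align it with the ID format Kendra documents.
    AllowedPattern: "[a-zA-Z0-9][a-zA-Z0-9_-]*"

# … unchanged: JSPWikiRole trust policy, ListIndices statement, action list …
                Resource:
                  - Fn::Sub: "arn:${AWS::Partition}:kendra:${AWS::Region}:${AWS::AccountId}:index/${IndexId}"
                  - Fn::Sub: "arn:${AWS::Partition}:kendra:${AWS::Region}:${AWS::AccountId}:index/${IndexId}/data-source/${DataSourceId}"
```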