@gergo-dryrun
Created March 19, 2017 17:37
Chaining FN::Sub/Select/Split/Ref
LambdaRolePolicies:
  Type: AWS::IAM::Policy
  Properties:
    PolicyName: es-http-permissions
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        -
          Effect: Allow
          Action:
            - s3:ListAllMyBuckets
            - s3:GetBucketLocation
          Resource: arn:aws:s3:::*
        -
          # ConfigLocation is used as <bucket>/<key>: split on '/', take
          # element 0 as the bucket name, and substitute it into the bucket ARN.
          Effect: Allow
          Action: s3:ListBucket
          Resource:
            Fn::Sub:
              - arn:aws:s3:::${BucketName}
              - BucketName:
                  Fn::Select:
                    - 0
                    - Fn::Split: ['/', !Ref ConfigLocation]
        -
          # Object-level access is scoped to the full <bucket>/<key> value.
          Effect: Allow
          Action: s3:GetObject
          Resource: !Sub arn:aws:s3:::${ConfigLocation}
        -
          Effect: Allow
          Action: es:ESHttp*
          Resource:
            !Sub |-
              arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/*
        -
          Effect: Allow
          Action:
            - logs:CreateLogGroup
          Resource:
            !Sub |-
              arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*
        -
          Effect: Allow
          Action:
            - logs:CreateLogStream
            - logs:PutLogEvents
          Resource:
            !Sub |-
              arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/aws-elasticsearch-curator:*
    Roles:
      -
        !Ref LambdaExecutionerRole
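
The chain above, evaluated on sample parameter values to show which S3 ARNs the policy ends up granting (an added example, not part of the original gist). `resolve` and `s3_scope` are hypothetical helpers that model only Ref, Fn::Split, Fn::Select and Fn::Sub; the bucket and key names are constructed.

```python
# Added example: a minimal evaluator for the intrinsic functions chained in the
# template. It models only Ref, Fn::Split, Fn::Select and Fn::Sub.
import re

def resolve(node, params):
    """Evaluate a small subset of CloudFormation intrinsics on dicts/lists."""
    if isinstance(node, list):
        return [resolve(n, params) for n in node]
    if not isinstance(node, dict) or len(node) != 1:
        return node
    (fn, arg), = node.items()
    if fn == "Ref":
        return params[arg]
    if fn == "Fn::Split":
        delimiter, source = arg
        return resolve(source, params).split(delimiter)
    if fn == "Fn::Select":
        index, items = arg
        return resolve(items, params)[int(index)]
    if fn == "Fn::Sub":
        # Long form is [template, {var: value}]; short form is a bare string.
        template, local = arg if isinstance(arg, list) else (arg, {})
        scope = {**params, **{k: resolve(v, params) for k, v in local.items()}}
        return re.sub(r"\$\{([^}]+)\}", lambda m: scope[m.group(1)], template)
    return node

# The two S3 resources from the policy, written in long form
# (what the !Ref / !Sub short tags expand to).
LIST_BUCKET_RESOURCE = {"Fn::Sub": ["arn:aws:s3:::${BucketName}", {
    "BucketName": {"Fn::Select": [0, {"Fn::Split": ["/", {"Ref": "ConfigLocation"}]}]}}]}
GET_OBJECT_RESOURCE = {"Fn::Sub": "arn:aws:s3:::${ConfigLocation}"}

def s3_scope(config_location):
    """Return (ListBucket ARN, GetObject ARN) for a given ConfigLocation value."""
    params = {"ConfigLocation": config_location}
    return (resolve(LIST_BUCKET_RESOURCE, params),
            resolve(GET_OBJECT_RESOURCE, params))

if __name__ == "__main__":
    # Constructed sample values for the ConfigLocation parameter.
    for value in ("example-bucket/curator/config.yml",       # intended bucket/key form
                  "s3://example-bucket/curator/config.yml",  # URI form: bucket becomes "s3:"
                  "*/config.yml"):                           # wildcard passes through unchanged
        print(value, "->", s3_scope(value))
```

Only the `bucket/key` form yields the intended scope. Because the parameter value flows into the `Resource` ARNs unchanged, constraining `ConfigLocation` with an `AllowedPattern` on the parameter keeps the policy from being narrower or broader than intended.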