change eproc.tech to example.saasstartupkit.com

2025-07-17 01:42:36 +02:00 · 2019-08-13 16:06:11 -08:00
parent 58d645dacb
commit f03738b772
6 changed files with 121 additions and 19 deletions
--- a/tools/devops/cmd/cicd/service_deploy.go
+++ b/tools/devops/cmd/cicd/service_deploy.go
@ -507,10 +507,8 @@ func NewServiceDeployRequest(log *log.Logger, flags ServiceDeployFlags) (*servic
 						Sid:    "DefaultServiceAccess",
 						Effect: "Allow",
 						Action: []string{
+							"s3:ListBucket",
 							"s3:HeadBucket",
-							"s3:ListObjects",
-							"s3:PutObject",
-							"s3:PutObjectAcl",
 							"cloudfront:ListDistributions",
 							"ec2:DescribeNetworkInterfaces",
 							"ec2:DeleteNetworkInterface",
@ -570,6 +568,33 @@ func NewServiceDeployRequest(log *log.Logger, flags ServiceDeployFlags) (*servic
 				},
 			}

+			if req.S3BucketPublicName != "" || req.S3BucketPrivateName != "" {
+				var bpr []string
+				if req.S3BucketPublicName != "" {
+					bpr = append(bpr, "arn:aws:s3:::"+req.S3BucketPublicName )
+					bpr = append(bpr, "arn:aws:s3:::"+req.S3BucketPublicName + "/*" )
+				}
+				if req.S3BucketPrivateName != "" {
+					bpr = append(bpr, "arn:aws:s3:::"+req.S3BucketPrivateName )
+					bpr = append(bpr, "arn:aws:s3:::"+req.S3BucketPrivateName + "/*" )
+				}
+
+				bp := IamStatementEntry{
+					Sid:    "S3BucketAccess",
+					Effect: "Allow",
+					Action: []string{
+						"s3:ListObjects",
+						"s3:PutObject",
+						"s3:PutObjectAcl",
+						"s3:GetObject",
+						"s3:HeadObject",
+					},
+					Resource: bpr,
+				}
+
+				req.EcsTaskPolicyDocument.Statement = append(req.EcsTaskPolicyDocument.Statement, bp)
+			}
+
 			// Set default Cloudwatch Log Group Name.
 			req.CloudWatchLogGroupName = fmt.Sprintf("logs/env_%s/aws/ecs/cluster_%s/service_%s", req.Env, req.EcsClusterName, req.ServiceName)
 			req.CloudWatchLogGroup = &cloudwatchlogs.CreateLogGroupInput{