Add CircleCI user to CF template

pull/14/head
Gunnar Aasen 2019-01-18 22:24:10 -08:00
parent 9bf5dc473f
commit d896905723
1 changed files with 52 additions and 12 deletions


@ -19,11 +19,12 @@ Parameters:
AcmCertificateArn: AcmCertificateArn:
Type: String Type: String
Description: > Description: >
The ARN of the SSL certificate to use for the CloudFront distribution. The ARN of the SSL certificate to use for the CloudFront
distribution.
DomainName: DomainName:
Type: String Type: String
Description: The website domain name. Description: The docs website domain name.
Default: dev.docs.influxdata.com Default: dev.docs.influxdata.com
############################################################################### ###############################################################################
@ -33,8 +34,14 @@ Outputs:
DocsProdBucketArn: DocsProdBucketArn:
Description: The ARN of the S3 bucket hosting the static content. Description: The ARN of the S3 bucket hosting the static content.
Value: !GetAtt DocsV2Bucket.Arn Value: !GetAtt DocsV2Bucket.Arn
Export:
Name: !Sub ${AWS::StackName}-bucket-arn DocsCircleCIDeployAccessKeyId:
Description: The access key ID for CircleCI deployment to S3.
Value: !Ref DocsCircleCIDeployAccessKey
DocsCircleCIDeploySecretAccessKey:
Description: The secret access key for CircleCI deployment to S3.
Value: !GetAtt DocsCircleCIDeployAccessKey.SecretAccessKey
############################################################################### ###############################################################################
Resources: Resources:
@ -42,6 +49,7 @@ Resources:
DocsCloudFrontDistribution: DocsCloudFrontDistribution:
Type: AWS::CloudFront::Distribution Type: AWS::CloudFront::Distribution
Description: The
Properties: Properties:
DistributionConfig: DistributionConfig:
Aliases: Aliases:
@ -65,17 +73,17 @@ Resources:
HttpVersion: http2 HttpVersion: http2
Origins: Origins:
- DomainName: - DomainName:
!Join [ "", [ !Ref DocsV2Bucket, ".s3.amazonaws.com" ] ] !Sub "${DocsV2Bucket}.s3.amazonaws.com"
Id: !Ref DocsV2Bucket Id: !Ref DocsV2Bucket
S3OriginConfig: S3OriginConfig:
OriginAccessIdentity: OriginAccessIdentity:
!Join [ "", [ "origin-access-identity/cloudfront/", !Ref DocsCloudFrontOriginAccessIdentity ] ] !Sub "origin-access-identity/cloudfront/${DocsCloudFrontOriginAccessIdentity}"
- DomainName: - DomainName:
!Join [ "", [ !Ref DocsV1Bucket, ".s3.amazonaws.com" ] ] !Sub "${DocsV1Bucket}.s3.amazonaws.com"
Id: !Ref DocsV1Bucket Id: !Ref DocsV1Bucket
S3OriginConfig: S3OriginConfig:
OriginAccessIdentity: OriginAccessIdentity:
!Join [ "", [ "origin-access-identity/cloudfront/", !Ref DocsCloudFrontOriginAccessIdentity ] ] !Sub "origin-access-identity/cloudfront/${DocsCloudFrontOriginAccessIdentity}"
PriceClass: PriceClass_100 PriceClass: PriceClass_100
ViewerCertificate: ViewerCertificate:
AcmCertificateArn: !Ref AcmCertificateArn AcmCertificateArn: !Ref AcmCertificateArn
@ -113,7 +121,7 @@ Resources:
Action: Action:
- s3:GetObject - s3:GetObject
Effect: Allow Effect: Allow
Resource: !Join [ "", [ "arn:aws:s3:::", !Ref DocsV2Bucket, "/*" ] ] Resource: !Sub "arn:aws:s3:::${DocsV2Bucket}/*"
Principal: Principal:
CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId
@ -139,15 +147,14 @@ Resources:
Action: Action:
- s3:GetObject - s3:GetObject
Effect: Allow Effect: Allow
Resource: !Join [ "", [ "arn:aws:s3:::", !Ref DocsV1Bucket, "/*" ] ] Resource: !Sub "arn:aws:s3:::${DocsV1Bucket}/*"
Principal: Principal:
CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId
DocsOriginRequestRewriteLambda: DocsOriginRequestRewriteLambda:
Type: AWS::Lambda::Function Type: AWS::Lambda::Function
Properties: Properties:
Description: > Description: Lambda function performing request URI rewriting.
Lambda function performing request URI rewriting.
Code: Code:
ZipFile: | ZipFile: |
const config = { const config = {
@ -228,3 +235,36 @@ Resources:
- sts:AssumeRole - sts:AssumeRole
ManagedPolicyArns: ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
DocsCircleCIDeployUser:
Type: AWS::IAM::User
Properties:
Policies:
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- s3:ListBucket
- s3:GetBucketLocation
Resource:
- !Sub "arn:aws:s3:::${DocsV2Bucket}"
- !Sub "arn:aws:s3:::${DocsV1Bucket}"
- Effect: Allow
Action:
- s3:PutObject
- s3:PutObjectAcl
- s3:DeleteObject
Resource:
- !Sub "arn:aws:s3:::${DocsV2Bucket}/*"
- !Sub "arn:aws:s3:::${DocsV1Bucket}/*"
- Effect: Allow
Action:
- cloudfront:GetDistribution
- cloudfront:CreateInvalidation
Resource: !Sub "arn:aws:cloudfront::${AWS::AccountId}:distribution/${DocsCloudFrontDistribution}"
DocsCircleCIDeployAccessKey:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref DocsCircleCIDeployUser
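Review bot: The `DocsCircleCIDeploySecretAccessKey` output exposes the new user's long-lived secret in plaintext to anyone who can call `DescribeStacks` on this stack (and it is retained in stack history), which defeats the point of the key being secret; drop the `DocsCircleCIDeploySecretAccessKey:` / `Description:` / `Value: !GetAtt DocsCircleCIDeployAccessKey.SecretAccessKey` output and either create the access key out of band or hand it over through a Secrets Manager secret rather than a stack output. Separately, `Policies` on `DocsCircleCIDeployUser` is a list of `{PolicyName, PolicyDocument}` items, so unless the renderer dropped a line the `PolicyDocument:` directly under `Policies:` will fail template validation; it should read `- PolicyName: docs-circleci-deploy` followed by `PolicyDocument:`. The `Description: The` line added to `DocsCloudFrontDistribution` is also not a valid resource-level attribute in CloudFormation and looks unfinished. Finally, `s3:PutObjectAcl` lets the CI key set public ACLs on objects in buckets that are otherwise served only through the origin access identity; if the deploy tooling does not need it, remove it to keep the user least-privilege.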