Merge pull request #919 from edx/feanil/update_cfn_iam

Add an instance profile to forums boxes.

Merge pull request #919 from edx/feanil/update_cfn_iam
Add an instance profile to forums boxes.
b7ab6d2b · Feanil Patel · 22941c38 · 99da90a2 · b7ab6d2b
Commit b7ab6d2b authored Mar 25, 2014 by Feanil Patel
Hide whitespace changes
Inline Side-by-side

Showing with 82 additions and 0 deletions

cloudformation_templates/edx-reference-architecture.json
+82 -0

No files found.
--- a/cloudformation_templates/edx-reference-architecture.json
+++ b/cloudformation_templates/edx-reference-architecture.json
@@ -2951,6 +2951,25 @@
 								} ]
            },
            "Path": "/"
+            "Policies": [ {
+              "PolicyName": "ForumBasePolicy",
+              "PolicyDocument": {
+                "Statement":[
+                  {
+                    "Effect":"Allow",
+                    "Action":[
+                      "cloudformation:DescribeStackResource",
+                      "ses:SendEmail",
+                      "ses:SendRawEmail",
+                      "ses:GetSendQuota",
+                      "ec2:DescribeInstances",
+                      "ec2:DescribeTags"
+                    ],
+                    "Resource":"*"
+                  }
+                ]
+              }
+            } ]
        }
    },
 	  "XqueueInstanceProfile": {
@@ -2975,6 +2994,25 @@
 								} ]
            },
            "Path": "/"
+            "Policies": [ {
+              "PolicyName": "EdxAppBasePolicy",
+              "PolicyDocument": {
+                "Statement":[
+                  {
+                    "Effect":"Allow",
+                    "Action":[
+                      "cloudformation:DescribeStackResource",
+                      "ses:SendEmail",
+                      "ses:SendRawEmail",
+                      "ses:GetSendQuota",
+                      "ec2:DescribeInstances",
+                      "ec2:DescribeTags"
+                    ],
+                    "Resource":"*"
+                  }
+                ]
+              }
+            } ]
        }
    },
 	  "XServerInstanceProfile": {
@@ -2986,6 +3024,49 @@
            } ]
        }
    },
+    "ForumRole": {
+        "Type": "AWS::IAM::Role",
+        "Properties": {
+            "AssumeRolePolicyDocument": {
+                "Statement": [ {
+                    "Effect": "Allow",
+                    "Principal": {
+                        "Service": [ "ec2.amazonaws.com" ]
+                    },
+                    "Action": [ "sts:AssumeRole" ]
+                } ]
+            },
+            "Path": "/"
+            "Policies": [ {
+              "PolicyName": "EdxAppBasePolicy",
+              "PolicyDocument": {
+                "Statement":[
+                  {
+                    "Effect":"Allow",
+                    "Action":[
+                      "cloudformation:DescribeStackResource",
+                      "ses:SendEmail",
+                      "ses:SendRawEmail",
+                      "ses:GetSendQuota",
+                      "ec2:DescribeInstances",
+                      "ec2:DescribeTags"
+                    ],
+                    "Resource":"*"
+                  }
+                ]
+              }
+            } ]
+        }
+    },
+    "ForumInstanceProfile": {
+        "Type": "AWS::IAM::InstanceProfile",
+        "Properties": {
+            "Path": "/",
+            "Roles": [ {
+                "Ref": "ForumRole"
+            } ]
+        }
+    },
    "AdminSecurityGroup":{
      "Type":"AWS::EC2::SecurityGroup",
      "Properties":{
@@ -4880,6 +4961,7 @@
    "ForumServer":{
      "Type":"AWS::AutoScaling::LaunchConfiguration",
      "Properties":{
+        "IamInstanceProfile":{ "Ref":"ForumInstanceProfile" },
        "SecurityGroups":[
          {
            "Ref":"ForumServerSecurityGroup"