@@ -24,14 +24,15 @@ Resources:
2424 Type : " AWS::IAM::Role"
2525 Properties :
2626 RoleName : !Sub "GitHub-CI-${ProjectName}-Role-${AWS::Region}"
27- MaxSessionDuration : 3600
27+ MaxSessionDuration : 7200
2828 Description : " Access DDB, KMS, Resources for CI from GitHub"
2929 ManagedPolicyArns :
3030 - " arn:aws:iam::370957321024:policy/ESDK-Dafny-DDB-ReadWriteDelete-us-west-2"
3131 - " arn:aws:iam::370957321024:policy/Hierarchical-GitHub-KMS-Key-Policy"
3232 - " arn:aws:iam::370957321024:policy/KMS-Public-CMK-EncryptDecrypt-Key-Access"
3333 - " arn:aws:iam::370957321024:policy/RSA-GitHub-KMS-Key-Policy"
3434 - " arn:aws:iam::370957321024:policy/Github-ECDH-KMS"
35+ - !Ref ESDKPerformanceBenchmarksCloudWatchPolicy
3536 AssumeRolePolicyDocument : !Sub |
3637 {
3738 "Version": "2012-10-17",
@@ -45,7 +46,10 @@ Resources:
4546 "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
4647 },
4748 "StringLike": {
48- "token.actions.githubusercontent.com:sub": "repo:${GitHubRepo}:*"
49+ "token.actions.githubusercontent.com:sub": [
50+ "repo:aws/aws-encryption-sdk:*",
51+ "repo:aws/aws-encryption-sdk-c:*"
52+ ]
4953 }
5054 }
5155 },
@@ -174,3 +178,18 @@ Resources:
174178 Resource :
175179 - !Sub " arn:aws:kms:eu-west-1:658956600833:key/*"
176180 - !Sub " arn:aws:kms:eu-west-1:658956600833:alias/*"
181+
182+ ESDKPerformanceBenchmarksCloudWatchPolicy :
183+ Type : " AWS::IAM::ManagedPolicy"
184+ Properties :
185+ ManagedPolicyName : " ESDK-Performance-Benchmarks-CloudWatch"
186+ PolicyDocument :
187+ Version : " 2012-10-17"
188+ Statement :
189+ - Effect : Allow
190+ Action :
191+ - logs:CreateLogGroup
192+ - logs:CreateLogStream
193+ - logs:PutLogEvents
194+ - logs:DescribeLogStreams
195+ Resource : " arn:aws:logs:*:*:log-group:aws-esdk-performance-benchmarks:*"
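Review bot: In the second hunk the `StringLike` condition on `token.actions.githubusercontent.com:sub` now trusts `repo:aws/aws-encryption-sdk:*` and `repo:aws/aws-encryption-sdk-c:*`, so a workflow run on any branch, tag, pull request or environment of either repository can assume a role that carries the DynamoDB read/write/delete and KMS policies listed above it, and the same commit doubles `MaxSessionDuration` to 7200. If only certain refs or environments need these credentials, pin the claim, for example `"repo:aws/aws-encryption-sdk:ref:refs/heads/main"` or an `environment:` subject (constructed examples; which refs CI actually needs is not visible here). The hard-coded list also replaces `${GitHubRepo}`, so that parameter may no longer be used by this trust policy; confirm this, then either remove the parameter or state in `Description` that the trusted repositories are fixed. In the new managed policy, `Resource` leaves region and account as `*`; if the benchmarks only log in the stack's own region, `!Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws-esdk-performance-benchmarks:*"` would scope it explicitly.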