removed dev and stg roles

eulogio-gutierrez · eulogio-gutierrez · commit 5e539dd756c7 · 2019-08-02T10:54:50.000+01:00
diff --git a/setup-template.yaml b/setup-template.yaml
@@ -71,7 +71,7 @@ Resources:
     Type: AWS::CodeBuild::Project
     Properties:
       Name: !Sub ${ServiceName}-dev
-      ServiceRole: !GetAtt CodebuildDevRole.Arn
+      ServiceRole: !GetAtt CodebuildRole.Arn
       Artifacts:
         Type: no_artifacts
       Environment:
@@ -94,7 +94,7 @@ Resources:
     Type: AWS::CodeBuild::Project
     Properties:
       Name: !Sub ${ServiceName}-stg
-      ServiceRole: !GetAtt CodebuildStgRole.Arn
+      ServiceRole: !GetAtt CodebuildRole.Arn
       Artifacts:
         Type: no_artifacts
       Environment:
@@ -134,7 +134,7 @@ Resources:
               - s3:GetObject
               - s3:List*
               - s3:DeleteObject
-            Resource: !Sub arn:aws:s3:::${ServiceName}-output/*
+            Resource: "*"
           - Effect: Allow
             Action:
               - iam:GetRole
@@ -176,6 +176,7 @@ Resources:
               - cloudformation:DescribeStacks
               - cloudformation:ExecuteChangeSet
               - cloudformation:DescribeChangeSet
+              - cloudformation:DeleteStack
             Resource: !Sub arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${ServiceName}-*
           - Effect: Allow
             Action:
@@ -186,22 +187,8 @@ Resources:
               - logs:DeleteLogGroup
             Resource: "*"
       Roles:
-        - !Ref CodebuildDevRole
-        - !Ref CodebuildStgRole
-  CodebuildStgPolicy:
-    Type: AWS::IAM::Policy
-    Properties:
-      PolicyName: !Sub ${ServiceName}-codebuild-stg-service-policy
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          - Effect: Allow
-            Action:
-              - cloudformation:DeleteStack
-            Resource: !Sub arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${ServiceName}-*
-      Roles:
-        - !Ref CodebuildStgRole
-  CodebuildDevRole:
+        - !Ref CodebuildRole
+  CodebuildRole:
     Type: AWS::IAM::Role
     Properties:
       RoleName: !Sub ${ServiceName}-codebuild-dev-service-role
@@ -214,19 +201,6 @@ Resources:
                   - codebuild.amazonaws.com
               Action:
                 - sts:AssumeRole
-  CodebuildStgRole:
-    Type: AWS::IAM::Role
-    Properties:
-      RoleName: !Sub ${ServiceName}-codebuild-stg-service-role
-      AssumeRolePolicyDocument:
-          Version: 2012-10-17
-          Statement:
-            - Effect: Allow
-              Principal:
-                Service:
-                  - codebuild.amazonaws.com
-              Action:
-                - sts:AssumeRole
   CodebuildDevLogGroup:
     Type: AWS::Logs::LogGroup
     Properties:
