Tags: cloudposse/terraform-aws-codebuild
feat: custom policy + hardened trust relationship (#132)

* feat: add condition to trust policy

adding a condition on the trust policy for the codebuild project arn ensures the iam role can not be used by any other codebuild project. codebuild projects could be extremely permissive, even when least privileged so enforcing the role can only be used by the intended codebuild project limits the ability for a threat actor to quietly take control of a powerful role and do threat actory things.

* feat: support custom iam policy

the default permissions are good for getting up and running, however, they are far more permissive than any least privileged policy would like, being `*` for all resources for anything in the default list + any and all additional_permissions. this allows users to still utilize the quick up and running policy, while also being able to disable it and replace it with a least privileged custom policy. the lifecycle rule ensures that users don't get confused by additional permissions and custom policy variables, failing on a plan if they attempt to use additional_permissions with default_permissions_enabled set to `false`.

* test: update tests for new functionality

```terraform
--- PASS: TestExamplesCustom (62.77s)
--- PASS: TestExamplesComplete (62.87s)
--- PASS: TestExamplesVPC (78.32s)
PASS
ok github.com/cloudposse/terraform-aws-codebuild 78.790s
```

* docs: update
Fix bucket settings (#130) * Fix bucket ACL * Fix bucket ACL * Fix bucket ACL * Fix bucket ACL * Fix bucket ACL * Fix bucket ACL * Fix bucket ACL * Fix bucket ACL * Update main.tf Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * readme * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings * Fix bucket settings --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Add support for path and permissions_boundary to IAM role (#99) * Add support for path and permissions_boundary to IAM role * Auto Format * Also need to support path for IAM policy * Auto Format * Update variables.tf * Auto Format Co-authored-by: Gibby <git@twoitguys> Co-authored-by: cloudpossebot <[email protected]> Co-authored-by: nitrocode <[email protected]>
Add requested inputs (#111) * Add file_system_locations * Auto Format * Add encryption_key * Auto Format * Add build_image_pull_credentials_type * Auto Format * Add s3_cache_bucket_name * Auto Format * Update main.tf Co-authored-by: cloudpossebot <[email protected]>
Add `description` and `concurrent_build_limit` to `aws_codebuild_project` (#89) * feat: allows user to input a description for the codebuild project * feat: allows user to input a description for the codebuild project * feat: allows user to input a concurrent_build_limit for the codebuild project * Auto Format * fix: integer is number for Terraform * Auto Format * Update variables.tf Co-authored-by: Vladimir <[email protected]> * Auto Format * Update variables.tf * Auto Format Co-authored-by: Guillaume DONVAL <[email protected]> Co-authored-by: cloudpossebot <[email protected]> Co-authored-by: nitrocode <[email protected]> Co-authored-by: Vladimir <[email protected]>