
Commit eecd780

committed
Version 1.2.0
1 parent cd35f28 commit eecd780

38 files changed

+52858
-1053
lines changed

.DS_Store

6 KB
Binary file not shown.

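--- a/deployment/build-s3-dist.sh
+++ b/deployment/build-s3-dist.sh
@@ -6,8 +6,13 @@ export BUCKET_PREFIX=solutions
 if [ $1 = "mainline" ]; then
 export BUCKET_PREFIX=solutions-test
 fi
-export OBJECT_PREFIX='aws-instance-scheduler/latest/'
-echo "Bucket prefix for distribution '${BUCKET_PREFIX}/${OBJECT_PREFIX}'"
+if [ $1 = "feature" ]; then
+export BUCKET_PREFIX=solutions-features
+fi
+echo ${VERSION} > ../source/code/version.txt
+
+export OBJECT_PREFIX='aws-instance-scheduler/${VERSION}/'
+echo "Bucket prefix for distribution '${BUCKET_PREFIX}/${VERSION}'"
 cd ../source/code
 echo "make bucket=${BUCKET_PREFIX} prefix=${OBJECT_PREFIX}"
 make bucket=$BUCKET_PREFIX prefix="${OBJECT_PREFIX}"
@@ -16,8 +21,10 @@ echo "mkdir -p dist"
 mkdir -p dist
 
 mv instance-scheduler-latest.template dist/instance-scheduler.template
+mv instance-scheduler-remote-latest.template dist/instance-scheduler-remote.template
 mv scheduler-cli-latest.zip dist/scheduler-cli.zip
 mv instance-scheduler-`cat ../source/code/version.txt`.zip dist
+
 rm instance-scheduler-`cat ../source/code/version.txt`.template
 rm instance-scheduler-remote-`cat ../source/code/version.txt`.template
 rm scheduler-cli-`cat ../source/code/version.txt`.zip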
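Review bot: `VERSION` is written to `../source/code/version.txt` and used in the object prefix without any check that it is set, so an empty or unexpected value flows into the `mv`/`rm` file names in the second hunk and into the distribution prefix. Add `: "${VERSION:?VERSION must be set}"` before the `echo`, and quote the expansion: `echo "${VERSION}" > ../source/code/version.txt`. The new `[ $1 = "feature" ]` test repeats the unquoted `$1` of the existing check and prints a test error when the script is run without an argument; `[ "${1:-}" = "feature" ]` avoids that. `OBJECT_PREFIX` is single-quoted, so the shell hands a literal `${VERSION}` to `make`; if that expansion is meant to happen inside make, a comment saying so would help, otherwise it needs double quotes.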

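--- a/deployment/instance-scheduler-remote.template
+++ b/deployment/instance-scheduler-remote.template
@@ -1,6 +1,6 @@
 {
 "AWSTemplateFormatVersion": "2010-09-09",
-"Description": "ECS and RDS scheduler cross account role, version 2.2.2.0",
+"Description": "(SO0030) - Instance scheduler cross account role, version %version%",
 "Parameters": {
 "InstanceSchedulerAccount": {
 "Type": "String",
@@ -29,6 +29,16 @@
 "Resources": {
 "EC2SchedulerCrossAccountRole": {
 "Type": "AWS::IAM::Role",
+"Metadata": {
+"cfn_nag": {
+"rules_to_suppress": [
+{
+"id": "W11",
+"reason": "All policies have been scoped to be as restrictive as possible. This solution needs to access ec2/rds resources across all regions."
+}
+]
+}
+},
 "Properties": {
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",
@@ -53,48 +63,116 @@
 }]
 },
 "Path": "/",
-"Policies": [{
-"PolicyName": "EC2InstanceSchedulerRemote",
-"PolicyDocument": {
-"Version": "2012-10-17",
-"Statement": [{
-"Effect": "Allow",
-"Action": [
-"ec2:DescribeInstances",
-"ec2:StartInstances",
-"ec2:StopInstances",
-"ec2:ModifyInstanceAttribute",
-"ec2:CreateTags",
-"ec2:DeleteTags"
-],
-"Resource": [
-"*"
-]
-}, {
-"Effect": "Allow",
-"Action": [
-"rds:DescribeDBInstances",
-"rds:DescribeDBSnapshots",
-"rds:StartDBInstance",
-"rds:StopDBInstance",
-"rds:AddTagsToResource",
-"rds:RemoveTagsFromResource",
-"rds:DeleteDBSnapshot"
-],
-"Resource": [
-"*"
-]
-}, {
-"Effect": "Allow",
-"Action": [
-"tag:GetResources"
-],
-"Resource": [
-"*"
+"Policies": [
+{
+"PolicyName": "EC2InstanceSchedulerRemote",
+"PolicyDocument": {
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "rds:DeleteDBSnapshot",
+"Resource": {
+"Fn::Join": [
+":",
+[
+"arn:aws:rds:*",
+{
+"Ref": "AWS::AccountId"
+},
+"snapshot:*"
+]
+]
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"rds:AddTagsToResource",
+"rds:RemoveTagsFromResource",
+"rds:DescribeDBSnapshots",
+"rds:StartDBInstance",
+"rds:StopDBInstance"
+],
+"Resource": {
+"Fn::Join": [
+":",
+[
+"arn:aws:rds:*",
+{
+"Ref": "AWS::AccountId"
+},
+"db:*"
+]
+]
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"rds:StartDBCluster",
+"rds:StopDBCluster"
+],
+"Resource": [
+{
+"Fn::Join": [
+":",
+[
+"arn:aws:rds:*",
+{
+"Ref": "AWS::AccountId"
+},
+"cluster:*"
+]
+]
+}
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:StartInstances",
+"ec2:StopInstances",
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": [
+{
+"Fn::Join": [
+":",
+[
+"arn:aws:ec2:*",
+{
+"Ref": "AWS::AccountId"
+},
+"instance/*"
+]
+]
+}
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"rds:DescribeDBClusters",
+"rds:DescribeDBInstances",
+
+"ec2:DescribeInstances",
+"ec2:DescribeRegions",
+"ec2:ModifyInstanceAttribute",
+
+"ssm:DescribeMaintenanceWindows",
+
+"tag:GetResources"
+],
+"Resource": [
+"*"
+]
+}
 ]
-}]
+}
 }
-}]
+]
 }
 }
 },
@@ -109,4 +187,4 @@
 "Description": "Arn for cross account role for Instance scheduler, add this arn to the list of crossaccount roles (CrossAccountRoles) parameter of the Instance Scheduler template."
 }
 }
-}
+}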
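Review bot: `ec2:ModifyInstanceAttribute` is a mutating action, yet in the third hunk it sits in the last statement, whose `Resource` is `"*"`, next to the read-only Describe calls. That sits oddly with the W11 suppression reason, which says all policies are scoped as tightly as possible. If the action accepts an instance ARN for the attributes the scheduler changes (confirm against the IAM action reference), move `"ec2:ModifyInstanceAttribute",` into the statement scoped to `instance/*`. The ARNs are also joined from a hard-coded `arn:aws` prefix, so the role would presumably not match resources in other partitions; `{"Ref": "AWS::Partition"}` is the usual substitute.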
