| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeInstances",
- "ec2:DescribeTags",
- "ec2:RunInstances",
- "ec2:CreateFleet",
- "ec2:CreateTags"
- ],
- "Resource": [
- "*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": "iam:PassRole",
- "Resource": "${arn_runner_instance_role}"
- },
- {
- "Effect": "Allow",
- "Action": [
- "ssm:PutParameter"
- ],
- "Resource": "*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "ssm:GetParameter"
- ],
- "Resource": [
- "${github_app_key_base64_arn}",
- "${github_app_id_arn}"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "sqs:ReceiveMessage",
- "sqs:GetQueueAttributes",
- "sqs:DeleteMessage"
- ],
- "Resource": "${sqs_arn}"
- },
- {
- "Effect": "Allow",
- "Action": [
- "kms:CreateGrant",
- "kms:Decrypt",
- "kms:DescribeKey",
- "kms:Encrypt",
- "kms:GenerateDataKey*",
- "kms:ReEncrypt*"
- ],
- "Resource": "*"
- %{ if kms_key_arn != "" ~}
- },
- {
- "Effect": "Allow",
- "Action": [
- "kms:Decrypt"
- ],
- "Resource": "${kms_key_arn}"
- %{ endif ~}
- }
- ]
- }
|
