Remove extra ensure iam statement (#45)
Remove extra statement for `Ensure grains.cluster_name iam role exists`  :smiling_face_with_open_mouth_and_cold_sweat:

@mistercrunch
hughhhh authored and lyft-buildnotify-4 committed Nov 7, 2017
1 parent 83babff commit c437abf
Showing 1 changed file with 25 additions and 32 deletions.
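--- a/ops/orca/states/superset.sls
+++ b/ops/orca/states/superset.sls
@@ -24,6 +24,31 @@ Ensure {{ grains.cluster_name }} iam role exists:
 - policies_from_pillars:
 - orca_iam_policies
 - profile: orca_profile
+- policies:
+'superset-s3-read-write':
+Version: '2012-10-17'
+Statement:
+- Sid: 'SupersetServiceFullObjectPermissions'
+Action:
+- 's3:AbortMultipartUpload'
+- 's3:Get*'
+- 's3:Put*'
+- 's3:Delete*'
+- 's3:List*'
+Effect: 'Allow'
+Resource:
+- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
+- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
+- Sid: 'SupersetServiceListPermissions'
+Action:
+- 's3:List*'
+Effect: 'Allow'
+Resource:
+- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
+Condition:
+- 's3:prefix':
+- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
+- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
 
 Ensure {{ grains.cluster_name }} asg exists:
 boto_asg.present:
@@ -110,37 +135,6 @@ Ensure {{ grains.cluster_name }}-canary asg exists:
 - profile: orca_profile
 {% endif %}
 
-Ensure {{ grains.cluster_name }} iam role exists:
-boto_iam_role.present:
-- name: {{ grains.cluster_name }}
-- policies_from_pillars:
-- orca_iam_policies
-- profile: orca_profile
-- policies:
-'superset-s3-read-write':
-Version: '2012-10-17'
-Statement:
-- Sid: 'SupersetServiceFullObjectPermissions'
-Action:
-- 's3:AbortMultipartUpload'
-- 's3:Get*'
-- 's3:Put*'
-- 's3:Delete*'
-- 's3:List*'
-Effect: 'Allow'
-Resource:
-- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
-- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
-- Sid: 'SupersetServiceListPermissions'
-Action:
-- 's3:List*'
-Effect: 'Allow'
-Resource:
-- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
-Condition:
-- 's3:prefix':
-- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
-- 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
 
 Ensure lyft-superset-{{grains.service_instance}}-iad bucket exists:
 boto_s3_bucket.present:
@@ -175,4 +169,3 @@ Ensure lyft-superset-{{grains.service_instance}}-iad bucket exists:
 Condition:
 "Null":
 "s3:x-amz-server-side-encryption": "true"
-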
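Review bot: In the first hunk, `SupersetServiceFullObjectPermissions` applies `s3:Put*` and `s3:Delete*` to the bare bucket ARN as well as to `/*`, so the role is allowed bucket-level actions such as `s3:PutBucketPolicy`, `s3:DeleteBucketPolicy` and `s3:DeleteBucket`, not just object reads and writes. That presumably lets the service role change or remove the bucket policy whose `s3:x-amz-server-side-encryption` condition shows in the last hunk; the rest of that statement is outside the hunk, so this is inferred. `SupersetServiceListPermissions` also carries a `Condition` with no operator (such as `StringLike`) and compares `s3:prefix` with ARNs rather than key prefixes, while `s3:List*` is already granted by the first statement. I would split the policy into explicit object actions on `/*` and `s3:ListBucket` on the bucket ARN, as sketched below; the action list needs confirming against what Superset actually calls, and the state's header lines sit above the hunk.

```yaml
# … unchanged: role name, policies_from_pillars, profile, policy name and Version …
Statement:
  - Sid: 'SupersetServiceObjectPermissions'
    Action:
      - 's3:AbortMultipartUpload'
      - 's3:GetObject'
      - 's3:PutObject'
      - 's3:DeleteObject'
    Effect: 'Allow'
    Resource:
      - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad/*'
  - Sid: 'SupersetServiceListPermissions'
    Action:
      - 's3:ListBucket'
    Effect: 'Allow'
    Resource:
      - 'arn:aws:s3:::lyft-superset-{{grains.service_instance}}-iad'
```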