Skip to content

Commit 8e17691

Browse files
xschildwxschildw
committed
combine synapse-related oidc
1 parent befc4c3 commit 8e17691

File tree

1 file changed

+24
-23
lines changed

1 file changed

+24
-23
lines changed

org-formation/650-identity-providers/_tasks.yaml

Lines changed: 24 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -166,6 +166,30 @@ GithubOidcSageBionetworksSynapseDockerRegistry:
166166
- !Ref SynapseProdAccount
167167
Region: us-east-1
168168

169+
GithubOidcSageBionetworksSynapse:
170+
Type: update-stacks
171+
DependsOn: GithubOidcSageBionetworks
172+
Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.7.6/templates/IAM/github-oidc-provider.j2
173+
StackName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-synapse
174+
Parameters:
175+
ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
176+
ProviderRoleName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-synapse
177+
ManagedPolicyArns:
178+
- "arn:aws:iam::aws:policy/AdministratorAccess"
179+
- "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"
180+
TemplatingContext:
181+
GitHubOrg: "Sage-Bionetworks"
182+
Repositories:
183+
- name: "synapse-docker-registry"
184+
branches: ["*"]
185+
- name: "nbconvert-webapp"
186+
branches: ["master", "develop"]
187+
DefaultOrganizationBinding:
188+
Account:
189+
- !Ref SynapseDevAccount
190+
- !Ref SynapseProdAccount
191+
Region: us-east-1
192+
169193
GithubOidcSageBionetworksGenieBPCInfra:
170194
Type: update-stacks
171195
DependsOn: GithubOidcSageBionetworks
@@ -872,29 +896,6 @@ GithubOidcOpenChallengesDeploy:
872896
- !Ref OpenChallengesProdAccount
873897
Region: us-east-1
874898

875-
GithubOidcNbConvertDeploy:
876-
Type: update-stacks
877-
DependsOn: GithubOidcSageBionetworks
878-
Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.7.6/templates/IAM/github-oidc-provider.j2
879-
StackName: !Sub ${resourcePrefix}-${appName}-nbconvert-deploy
880-
Parameters:
881-
ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
882-
ProviderRoleName: !Sub ${resourcePrefix}-${appName}-nbconvert-deploy
883-
MaxSessionDuration: 7200
884-
ManagedPolicyArns:
885-
- "arn:aws:iam::aws:policy/AdministratorAccess"
886-
- "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"
887-
TemplatingContext:
888-
GitHubOrg: "Sage-Bionetworks"
889-
Repositories:
890-
- name: "nbconvert-webapp"
891-
branches: ["master", "develop"]
892-
DefaultOrganizationBinding:
893-
Account:
894-
- !Ref SynapseDevAccount
895-
- !Ref SynapseProdAccount
896-
Region: us-east-1
897-
898899
############################### Managed Policies ###############################
899900
# Managed policies used in github OIDC providers
900901
# Note: Managed policies can be used as work around for the AWS cloudformation

0 commit comments

Comments
 (0)