Commit b479e40

[IT-4228] Setup github OIDC access for codeocean-infra (#1322)
We have set up a SageBionetworks-IT/codeocean-infra[1] repo to deploy the code ocean application to AWS. This will allow the repo access to deploy resources to the AWS org-sagebase-codeocean-prod account.

[1] https://github.com/Sage-Bionetworks-IT/codeocean-infra
1 parent b27fe0e commit b479e40

1 file changed

+21
-0
lines changed

org-formation/650-identity-providers/_tasks.yaml

Lines changed: 21 additions & 0 deletions
@@ -1061,3 +1061,24 @@ SynapseMonorepoCloudfrontAccessPolicy:
10611061
]
10621062
}
10631063
PolicyName: SynapseMonorepoCloudfrontAccessPolicy
1064+
1065+
GithubOidcSageBionetworksItCodeOceanInfra:
1066+
Type: update-stacks
1067+
DependsOn: GithubOidcSageBionetworks
1068+
Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.7.6/templates/IAM/github-oidc-provider.j2
1069+
StackName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-it-codeocean-infra
1070+
Parameters:
1071+
ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
1072+
ProviderRoleName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-it-codeocean-infra
1073+
ManagedPolicyArns:
1074+
- "arn:aws:iam::aws:policy/AdministratorAccess"
1075+
- "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"
1076+
TemplatingContext:
1077+
GitHubOrg: "Sage-Bionetworks-IT"
1078+
Repositories:
1079+
- name: "codeocean-infra"
1080+
branches: ["main"]
1081+
DefaultOrganizationBinding:
1082+
Account:
1083+
- !Ref CodeOceanProdAccount
1084+
Region: us-east-1
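
Review bot: ManagedPolicyArns attaches "arn:aws:iam::aws:policy/AdministratorAccess" to the role that the codeocean-infra repository assumes through GitHub OIDC, so a workflow on the allowed branch gets full administrative rights in CodeOceanProdAccount. Limiting Repositories to branches: ["main"] narrows who can assume the role, but not what the role can do once assumed. Consider replacing AdministratorAccess with a policy scoped to the services the deployment actually creates. "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser" is redundant next to AdministratorAccess, which already allows every action, so it can be dropped unless the intent is to remove AdministratorAccess later. Separately, the Template URL is pinned to the v0.7.6 tag on raw.githubusercontent.com; a tag can be moved, so pinning to a commit SHA would make the trust policy template immutable.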
