a1d3cf488d
Cloudfront needs CreateOriginAccessIdentity Add profile parameter to setup-iam.yml. Could arguably just use AWS_PROFILE but given that other tasks are using profile, should be consistent.
29 lines
1.1 KiB
JSON
29 lines
1.1 KiB
JSON
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "AllowCloudfrontUsage",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"cloudfront:CreateDistribution",
|
|
"cloudfront:CreateDistributionWithTags",
|
|
"cloudfront:CreateCloudFrontOriginAccessIdentity",
|
|
"cloudfront:DeleteDistribution",
|
|
"cloudfront:GetDistribution",
|
|
"cloudfront:GetStreamingDistribution",
|
|
"cloudfront:GetDistributionConfig",
|
|
"cloudfront:GetStreamingDistributionConfig",
|
|
"cloudfront:GetInvalidation",
|
|
"cloudfront:ListDistributions",
|
|
"cloudfront:ListDistributionsByWebACLId",
|
|
"cloudfront:ListInvalidations",
|
|
"cloudfront:ListStreamingDistributions",
|
|
"cloudfront:ListTagsForResource",
|
|
"cloudfront:TagResource",
|
|
"cloudfront:UntagResource",
|
|
"cloudfront:UpdateDistribution"
|
|
],
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|