From a1d3cf488d899890ed1e71d42afdb99ef1630dc5 Mon Sep 17 00:00:00 2001 From: Will Thames Date: Fri, 6 Apr 2018 04:06:04 +1000 Subject: [PATCH] [cloud][test]Add missing IAM policy for cloudfront (#38248) Cloudfront needs CreateOriginAccessIdentity Add profile parameter to setup-iam.yml. Could arguably just use AWS_PROFILE but given that other tasks are using profile, should be consistent. --- hacking/aws_config/setup-iam.yml | 1 + hacking/aws_config/testing_policies/cloudfront-policy.json | 1 + 2 files changed, 2 insertions(+) diff --git a/hacking/aws_config/setup-iam.yml b/hacking/aws_config/setup-iam.yml index fffc04ac72..c1d8dd68cc 100644 --- a/hacking/aws_config/setup-iam.yml +++ b/hacking/aws_config/setup-iam.yml @@ -26,6 +26,7 @@ - name: Get aws account ID aws_caller_facts: + profile: "{{ profile|default(omit) }}" register: aws_caller_facts - name: Set aws_account_fact diff --git a/hacking/aws_config/testing_policies/cloudfront-policy.json b/hacking/aws_config/testing_policies/cloudfront-policy.json index 5bb22ffe5a..057cb586d6 100644 --- a/hacking/aws_config/testing_policies/cloudfront-policy.json +++ b/hacking/aws_config/testing_policies/cloudfront-policy.json @@ -7,6 +7,7 @@ "Action": [ "cloudfront:CreateDistribution", "cloudfront:CreateDistributionWithTags", + "cloudfront:CreateCloudFrontOriginAccessIdentity", "cloudfront:DeleteDistribution", "cloudfront:GetDistribution", "cloudfront:GetStreamingDistribution",