Method: Jets::Resource::Iam::BaseRoleDefinition#definition

Defined in:
lib/jets/resource/iam/base_role_definition.rb

#definition ⇒ Object



# File 'lib/jets/resource/iam/base_role_definition.rb', line 5

# Builds the CloudFormation resource hash for the IAM role.
#
# The trust policy lets only the Lambda service principal assume the role.
# What the role may actually do comes from +policy_document+ (attached as a
# single inline policy) and +managed_policy_arns+, both defined outside this
# method. Review those two inputs when checking the role for least privilege;
# nothing here narrows or validates them.
#
# @return [Hash] a one-entry hash mapping the role's logical id to its
#   resource definition (+:type+ and +:properties+)
def definition
  role_id = role_logical_id

  # No explicit role name is set: a readable name derived from a long
  # controller name could exceed the 64-char limit, and because IAM roles are
  # global a fixed name would prevent deploying the same app to several regions.
  trust_policy = {
    version: "2012-10-17",
    statement: [
      {
        effect: "Allow",
        principal: {service: ["lambda.amazonaws.com"]},
        action: ["sts:AssumeRole"],
      },
    ],
  }
  properties = {
    path: "/",
    assume_role_policy_document: trust_policy,
  }

  # The inline policy is attached only when it has at least one statement.
  # NOTE(review): assumes policy_document always carries a 'Statement' key
  # (string, capitalised); a missing key would raise NoMethodError here.
  unless policy_document['Statement'].empty?
    inline_policy = {
      policy_name: "#{policy_name[0..127]}", # required, limited to 128-chars
      policy_document: policy_document,
    }
    properties[:policies] = [inline_policy]
  end

  # Managed policies are passed through unchanged and left out when empty.
  properties[:managed_policy_arns] = managed_policy_arns unless managed_policy_arns.empty?

  {
    role_id => {
      type: "AWS::IAM::Role",
      properties: properties,
    },
  }
end