Create the greengrass role in cloud formation script (#2080)

* merge * add greengras role for ECR
CGI-FR · Jun 22, 2023 · 33cc3b3 · 33cc3b3
1 parent b1d21ef
commit 33cc3b3
Showing 1 changed file with 28 additions and 1 deletion.
diff --git a/templates/aws/awsdeploy.yml b/templates/aws/awsdeploy.yml
@@ -275,4 +275,31 @@ Resources:
               - Name: PortalName
                 Value: IoT Portal DEMO - AWS
           ImageIdentifier: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/iot-hub-portal:latest'
-          ImageRepositoryType: ECR
+          ImageRepositoryType: ECR
+
+#GreenGras role script
+  GreenGrasRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: !Join [ "-", [!Ref UniqueSolutionPrefix, "GreenGrass"] ]
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: greengrass.amazonaws.com
+            Action: sts:AssumeRole
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy
+        - arn:aws:iam::aws:policy/AWSGreengrassFullAccess
+      Policies:
+        - PolicyName: ECRPermissions
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - ecr:GetAuthorizationToken
+                  - ecr:BatchGetImage
+                  - ecr:GetDownloadUrlForLayer
+                Resource: "*"