Add GitHub Actions workflow and IAM policies

2026-02-10 06:44:57 +00:00 · 2025-12-21 19:51:39 -08:00
parent 990c8971fb
commit 013e0fdf1d
3 changed files with 80 additions and 0 deletions
--- a/terraform/github-role-policy.json
+++ b/terraform/github-role-policy.json
@@ -0,0 +1,27 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject",
+        "s3:ListBucket"
+      ],
+      "Resource": [
+        "arn:aws:s3:::cdn.cloud.gregh.dev",
+        "arn:aws:s3:::cdn.cloud.gregh.dev/*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "cloudfront:CreateInvalidation",
+        "cloudfront:GetInvalidation",
+        "cloudfront:ListInvalidations"
+      ],
+      "Resource": "arn:aws:cloudfront::471112517070:distribution/E31WM23A8TGWZM"
+    }
+  ]
+}