jenkins-ec2-agents.config.yaml
# Configuration for Jenkins EC2 build agents: the AMI name pattern, the IAM
# policies listed for the agents, and the AMI-finder custom resource (Lambda).
# NOTE(review): nesting below is reconstructed from the key names; verify it
# against the repository copy before relying on it.

# AMI name pattern with a trailing wildcard.
# NOTE(review): a name-only wildcard match can resolve to an image published
# by another account. Confirm the lookup in ami_finder/app.py (not shown here)
# also filters on a trusted owner account id.
linux_ami: 'Amzn2_Linux_Jenkins_Agent-*'

# Named IAM policy statements. Entries without a `resource` key rely on
# whatever default the consuming template applies (not visible in this file).
iam_policies:
  # NOTE(review): no `resource` is set. If the default is '*', the agent can
  # assume any role whose trust policy admits it; list the intended role ARNs.
  sts:
    action:
      - sts:AssumeRole
  # NOTE(review): `ecr:*` grants every ECR action (including repository
  # deletion and repository-policy changes) and no `resource` is set. Narrow
  # it to the push/pull actions and repositories the builds actually use.
  # The key reads "mamange" (presumably "manage"); left unchanged because
  # other templates may reference it by this name.
  ecr-mamange-repos:
    action:
      - ecr:*
  # Bucket-level listing, scoped to the bucket named by the S3Bucket parameter.
  s3-list-ciinabox-bucket:
    action:
      - s3:ListBucket
    resource:
      - Fn::Sub: arn:aws:s3:::${S3Bucket}
  # Object read/write on every key in the same bucket.
  # NOTE(review): s3:PutObjectAcl lets build jobs change object ACLs. Drop it
  # unless a job needs it, and confirm the bucket blocks public ACLs.
  s3-rw:
    action:
      - s3:GetObject
      - s3:GetObjectAcl
      - s3:GetObjectVersion
      - s3:PutObject
      - s3:PutObjectAcl
    resource:
      - Fn::Sub: arn:aws:s3:::${S3Bucket}/*
  # Actions the SSM agent uses to register the instance and open Session
  # Manager control/data channels. No `resource` is set here either.
  ssm-ssh-access:
    action:
      - ssm:UpdateInstanceInformation
      - ssm:ListInstanceAssociations
      - ec2messages:GetMessages
      - ssmmessages:CreateControlChannel
      - ssmmessages:CreateDataChannel
      - ssmmessages:OpenControlChannel
      - ssmmessages:OpenDataChannel

# Lambda-backed custom resource: its policies, its role and the function.
ami_finder_custom_resources:
  custom_policies:
    # ec2:DescribeImages does not support resource-level scoping, hence '*'.
    ami:
      action:
        - ec2:DescribeImages
      resource: '*'
    # Invocation is limited to the AmiFinderCR function in the stack's own
    # region and account.
    lambda:
      action:
        - lambda:InvokeFunction
      resource:
        Fn::Sub: arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:AmiFinderCR
  roles:
    # `cloudwatch-logs` is not defined in this file; presumably supplied by
    # the templating framework. Confirm what it grants.
    AmiFinderResource:
      policies_inline:
        - cloudwatch-logs
        - ami
        - lambda
  functions:
    AmiFinderCR:
      code: ami_finder/app.py
      handler: app.handler
      runtime: python3.11
      # presumably seconds (600 = 10 minutes); confirm against the consumer.
      timeout: 600
      role: AmiFinderResource
      # NOTE(review): dependencies are resolved at package time. Pin exact
      # versions in requirements.txt (pip's --require-hashes mode enforces
      # hashes) so a changed upstream release cannot alter the function code.
      package_cmd: 'pip install -r requirements.txt -t .'