convert line delimiter

Rahu2000 · Rahu2000 · commit 9f249f91aef3 · 2019-07-18T17:00:23.000+09:00
fix bug creation instance profile
diff --git a/template/awscli/create_ec2_profile_cross_account b/template/awscli/create_ec2_profile_cross_account
@@ -48,6 +48,17 @@ if [ -z "$CROSS_ACCOUNT_PROFILE" ]; then
     exit 1
 fi
 
+if [ -z "$S3_BUCKET" ]; then
+    echo 'S3 bucket name is required.'
+    exit 1
+fi
+
+if [ -z "$KEY_ALIAS" ]; then
+    echo 'Key alias for CodePipeline is required.'
+    exit 1
+fi
+
+
 KMS_KEY_POLICY_NAME="KMSKeyPolicy-$(aws sts get-caller-identity | jq -r '.Account')-$KEY_ALIAS"
 S3_BUCKET_POLICY_NAME="S3BucketPolicy-$S3_BUCKET"
 
@@ -66,6 +77,7 @@ if [ -z $KMS_KEY_POLICY_ARN ]; then
     KMS_KEY_ALIAS="alias/$KEY_ALIAS"
     KMS_KEY_ID="$(aws kms list-aliases 2> /dev/null | jq -c --arg alias $KMS_KEY_ALIAS '.Aliases[] | select(.AliasName == $alias)' | jq -r '.TargetKeyId')"
     KMS_KEY_ARN="$(aws kms describe-key --key-id $KMS_KEY_ID 2> /dev/null | jq -r '.KeyMetadata.Arn')"
+    REPLACE_STR='\/'
     KMS_KEY_ARN="${KMS_KEY_ARN//\//$REPLACE_STR}"
 
     # Generate temporory policy file
@@ -75,7 +87,7 @@ if [ -z $KMS_KEY_POLICY_ARN ]; then
         > .config/$KMS_KEY_POLICY_FILE_NAME
     
     # create codepipeline service policy
-    KMS_KEY_POLICY_ARN="$(aws iam create-policy --profile $CROSS_ACCOUNT_PROFILE --policy-name $KMS_KEY_POLICY_ARN --path /service-role/ --policy-document file://.config/$KMS_KEY_POLICY_FILE_NAME | jq .Policy.Arn | tr -d \")"
+    KMS_KEY_POLICY_ARN="$(aws iam create-policy --profile $CROSS_ACCOUNT_PROFILE --policy-name $KMS_KEY_POLICY_NAME --path /service-role/ --policy-document file://.config/$KMS_KEY_POLICY_FILE_NAME | jq .Policy.Arn | tr -d \")"
 fi 
 
 # S3 bucket policy
@@ -95,26 +107,26 @@ ROLE_ARN="$(aws iam get-role --profile $CROSS_ACCOUNT_PROFILE --role-name $INSTA
 if [ -z $ROLE_ARN ]; then
     # create ec2 role for codedeploy
     aws iam create-role \
-        --profile $CROSS_ACCOUNT_PROFILE
+        --profile $CROSS_ACCOUNT_PROFILE \
         --role-name $INSTACNE_PROFILE_NAME \
         --path /service-role/ \
         --assume-role-policy-document file://policies/TrustPolicyforEC2.json
 
     # attach policies
     aws iam attach-role-policy \
-        --profile $CROSS_ACCOUNT_PROFILE
+        --profile $CROSS_ACCOUNT_PROFILE \
         --policy-arn $KMS_KEY_POLICY_ARN \
         --role-name $INSTACNE_PROFILE_NAME 
         
     aws iam attach-role-policy \
-        --profile $CROSS_ACCOUNT_PROFILE
+        --profile $CROSS_ACCOUNT_PROFILE \
         --policy-arn $S3_BUCKET_POLICY_ARN \
         --role-name $INSTACNE_PROFILE_NAME
 fi
 
 # Create the instance profile required by EC2 to contain the role
 aws iam create-instance-profile \
-    --profile $CROSS_ACCOUNT_PROFILE
+    --profile $CROSS_ACCOUNT_PROFILE \
     --instance-profile-name $INSTACNE_PROFILE_NAME
 
 # Finally, add the role to the instance profile
diff --git a/template/awscli/policies/CodePipelineServicePolicyforCrossAccount.json b/template/awscli/policies/CodePipelineServicePolicyforCrossAccount.json
@@ -1,10 +1,10 @@
-{
-  "Version": "2012-10-17",
-  "Statement": {
-    "Effect": "Allow",
-    "Action": "sts:AssumeRole",
-    "Resource": [
-      "arn:aws:iam::ACCOUNT-B:role/*"
-    ]
-  }
+{
+  "Version": "2012-10-17",
+  "Statement": {
+    "Effect": "Allow",
+    "Action": "sts:AssumeRole",
+    "Resource": [
+      "arn:aws:iam::ACCOUNT-B:role/*"
+    ]
+  }
 }
diff --git a/template/awscli/policies/KMSServicePolicyforCrossAccount.json b/template/awscli/policies/KMSServicePolicyforCrossAccount.json
@@ -1,18 +1,18 @@
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "kms:DescribeKey",
-        "kms:GenerateDataKey*",
-        "kms:Encrypt",
-        "kms:ReEncrypt*",
-        "kms:Decrypt"
-      ],
-      "Resource": [
-        "KMS-KEY-ARN"
-      ]
-    }
-  ]
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "kms:DescribeKey",
+        "kms:GenerateDataKey*",
+        "kms:Encrypt",
+        "kms:ReEncrypt*",
+        "kms:Decrypt"
+      ],
+      "Resource": [
+        "KMS-KEY-ARN"
+      ]
+    }
+  ]
 }
diff --git a/template/awscli/policies/S3BucketPolicyforEC2InstanceProfilewithCrossAccount.json b/template/awscli/policies/S3BucketPolicyforEC2InstanceProfilewithCrossAccount.json
@@ -1,16 +1,16 @@
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "s3:Get*",
-        "s3:ListBucket"
-      ],
-      "Resource": [
-        "arn:aws:s3:::S3-BUCKET",
-        "arn:aws:s3:::S3-BUCKET/*"
-      ]
-    }
-  ]
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:Get*",
+        "s3:ListBucket"
+      ],
+      "Resource": [
+        "arn:aws:s3:::S3-BUCKET",
+        "arn:aws:s3:::S3-BUCKET/*"
+      ]
+    }
+  ]
 }
