AWS codepipeline documentation change
Summary
Added 'Service role permissions: AWS Device Farm action' section with DeviceFarm access policy
Security assessment
Specifies required permissions for Device Farm integration without evidence of addressing a security vulnerability
Diff
diff --git a/codepipeline/latest/userguide/action-reference-DeviceFarm.md b/codepipeline/latest/userguide/action-reference-DeviceFarm.md index 6b801a684..2bf89ec7e 100644 --- a/codepipeline/latest/userguide/action-reference-DeviceFarm.md +++ b/codepipeline/latest/userguide/action-reference-DeviceFarm.md @@ -5 +5 @@ -Action typeConfiguration parameters Input artifactsOutput artifactsAction declarationSee also +Action typeConfiguration parameters Input artifactsOutput artifactsService role permissions: AWS Device Farm actionAction declarationSee also @@ -20,0 +21,2 @@ In your pipeline, you can configure a test action that uses AWS Device Farm to r + * Service role permissions: AWS Device Farm action + @@ -270,0 +273,18 @@ The longitude of the device expressed in geographic coordinate system degrees. +## Service role permissions: AWS Device Farm action + +When CodePipeline runs the action, the CodePipeline service role policy requires the following permissions, appropriately scoped down to the pipeline resource ARN in order to maintain access with least privilege. For example, add the following to your policy statement: + + + { + "Effect": "Allow", + "Action": [ + "devicefarm:ListProjects", + "devicefarm:ListDevicePools", + "devicefarm:GetRun", + "devicefarm:GetUpload", + "devicefarm:CreateUpload", + "devicefarm:ScheduleRun" + ], + "Resource": "resource_ARN" + }, + @@ -356 +376 @@ Commands action reference -Amazon Inspector InspectorScan invoke action reference +Elastic Beanstalk deploy action reference