From 8bff7aeacb638667f5dc5f41be6f456c3499d1d0 Mon Sep 17 00:00:00 2001
From: "Eric Z. Beard" <ericzbeard@gmail.com>
Date: Mon, 16 Oct 2023 09:01:37 -0700
Subject: [PATCH] Appsync release (#248)

* Add prod hook role

---------

Co-authored-by: Eric Beard <ezbeard@amazon.com>
---
 .../hook-role-prod.yaml                       | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 hooks/AppSync_BreakingChangeDetection/hook-role-prod.yaml

diff --git a/hooks/AppSync_BreakingChangeDetection/hook-role-prod.yaml b/hooks/AppSync_BreakingChangeDetection/hook-role-prod.yaml
new file mode 100644
index 00000000..005a6c14
--- /dev/null
+++ b/hooks/AppSync_BreakingChangeDetection/hook-role-prod.yaml
@@ -0,0 +1,33 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: >
+  This CloudFormation template creates a role assumed by CloudFormation
+  during Hook operations on behalf of the customer.
+
+Resources:
+  ExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      MaxSessionDuration: 8400
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - hooks.cloudformation.amazonaws.com
+                - resources.cloudformation.amazonaws.com
+            Action: sts:AssumeRole
+      Path: "/"
+      Policies:
+        - PolicyName: HookTypePolicy
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                - "s3:GetObject"
+                Resource: "*"
+Outputs:
+  ExecutionRoleArn:
+    Value:
+      Fn::GetAtt: ExecutionRole.Arn