From d969373d21ce365ab89327a1c37c8cbf4cbfbd3e Mon Sep 17 00:00:00 2001
From: EC2 Default User <ec2-user@ip-172-31-4-139.ec2.internal>
Date: Thu, 2 Aug 2018 07:05:05 +0000
Subject: [PATCH] updating the extensions

---
 backend-service/common-iam.yml                | 20 ------------------
 custom-iam-policy/env-iam.yml                 | 21 +++++++++++++++++++
 custom-iam-policy/mu-extension.yml            |  8 +++++++
 {backend-service => internal-alb}/elb.yml     |  0
 .../mu-extension.yml                          |  2 +-
 mu.yml                                        |  3 ++-
 6 files changed, 32 insertions(+), 22 deletions(-)
 delete mode 100644 backend-service/common-iam.yml
 create mode 100644 custom-iam-policy/env-iam.yml
 create mode 100644 custom-iam-policy/mu-extension.yml
 rename {backend-service => internal-alb}/elb.yml (100%)
 rename {backend-service => internal-alb}/mu-extension.yml (89%)

diff --git a/backend-service/common-iam.yml b/backend-service/common-iam.yml
deleted file mode 100644
index b801ced..0000000
--- a/backend-service/common-iam.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-Resources:
-  CloudFormationRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Path: "/"
-      Policies:
-        - PolicyName: update-route53-additional
-          PolicyDocument:
-            Version: '2012-10-17'
-            Statement:
-            - Action:
-              - route53:CreateHostedZone
-              - route53:GetHostedZone
-              - route53:DeleteHostedZone
-              - route53:UpdateHostedZoneComment
-              - route53:ListQueryLoggingConfigs
-              - iam:CreateServiceLinkedRole 
-              Resource: '*'
-              Effect: Allow
diff --git a/custom-iam-policy/env-iam.yml b/custom-iam-policy/env-iam.yml
new file mode 100644
index 0000000..b97f17a
--- /dev/null
+++ b/custom-iam-policy/env-iam.yml
@@ -0,0 +1,21 @@
+---
+Resources:
+  CloudFormationRoleAddlPolicy:
+    Type: AWS::IAM::Policy
+    Properties: 
+      PolicyName: 
+        Fn::Sub: ${Namespace}-update-route53-additional-${EnvironmentName}
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+        - Action:
+          - route53:CreateHostedZone
+          - route53:GetHostedZone
+          - route53:DeleteHostedZone
+          - route53:UpdateHostedZoneComment
+          - route53:ListQueryLoggingConfigs
+          - iam:CreateServiceLinkedRole 
+          Resource: '*'
+          Effect: Allow
+      Roles:
+      - Fn::Sub: ${Namespace}-cloudformation-common-${AWS::Region}
diff --git a/custom-iam-policy/mu-extension.yml b/custom-iam-policy/mu-extension.yml
new file mode 100644
index 0000000..0515350
--- /dev/null
+++ b/custom-iam-policy/mu-extension.yml
@@ -0,0 +1,8 @@
+name: custom-iam-policy
+version: 1.0
+
+templateUpdateMode: merge
+
+# Note: the filename must match the asset being extended.
+# see https://github.com/stelligent/mu/tree/develop/templates/assets for
+# filenames.
diff --git a/backend-service/elb.yml b/internal-alb/elb.yml
similarity index 100%
rename from backend-service/elb.yml
rename to internal-alb/elb.yml
diff --git a/backend-service/mu-extension.yml b/internal-alb/mu-extension.yml
similarity index 89%
rename from backend-service/mu-extension.yml
rename to internal-alb/mu-extension.yml
index 8fe7fdb..563ca13 100644
--- a/backend-service/mu-extension.yml
+++ b/internal-alb/mu-extension.yml
@@ -1,4 +1,4 @@
-name: backend-service
+name: internal-alb
 version: 1.0
 
 templateUpdateMode: merge
diff --git a/mu.yml b/mu.yml
index 96d7bd7..68bb426 100644
--- a/mu.yml
+++ b/mu.yml
@@ -10,4 +10,5 @@ service:
     production:
       disabled: true
 extensions:
-  - url: backend-service
+  - url: custom-iam-policy
+  - url: internal-alb