{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "node-pre-gyp bucket resources",
    "Resources": {
        "BuildUser": {
            "Type": "AWS::IAM::User",
            "Properties": {
                "Policies": [
                    {
                        "PolicyName": "list",
                        "PolicyDocument": {
                            "Statement": [
                                {
                                    "Action": [
                                        "s3:ListBucket"
                                    ],
                                    "Effect": "Allow",
                                    "Resource": [
                                        "arn:aws:s3:::mason-binaries"
                                    ]
                                }
                            ]
                        }
                    },
                    {
                        "PolicyName": "build",
                        "PolicyDocument": {
                            "Statement": [
                                {
                                    "Action": [
                                        "s3:DeleteObject",
                                        "s3:GetObject",
                                        "s3:GetObjectAcl",
                                        "s3:PutObject",
                                        "s3:PutObjectAcl"
                                    ],
                                    "Effect": "Allow",
                                    "Resource": [
                                        "arn:aws:s3:::mason-binaries/*"
                                    ]
                                }
                            ]
                        }
                    }
                ]
            }
        },
        "BuildUserKey": {
            "Type": "AWS::IAM::AccessKey",
            "Properties": {
                "UserName": {
                    "Ref": "BuildUser"
                }
            }
        }
    },
    "Outputs": {
        "AccessKeyId": {
            "Value": {
                "Ref": "BuildUserKey"
            }
        },
        "SecretAccessKey": {
            "Value": {
                "Fn::GetAtt": [
                    "BuildUserKey",
                    "SecretAccessKey"
                ]
            }
        }
    }
}