@depup/artillery 2.0.30-depup.0

package/lib/platform/aws/aws-create-sqs-queue.js

@@ -0,0 +1,58 @@
+const {
+  SQSClient,
+  CreateQueueCommand,
+  ListQueuesCommand
+} = require('@aws-sdk/client-sqs');
+const debug = require('debug')('artillery:aws-create-sqs-queue');
+const sleep = require('../../util/sleep');
+
+// TODO: Add timestamp to SQS queue name for automatic GC
+async function createSQSQueue(region, queueName) {
+  const sqs = new SQSClient({
+    region
+  });
+
+  const params = {
+    QueueName: queueName,
+    Attributes: {
+      FifoQueue: 'true',
+      ContentBasedDeduplication: 'false',
+      MessageRetentionPeriod: '1800',
+      VisibilityTimeout: '600'
+    }
+  };
+
+  const result = await sqs.send(new CreateQueueCommand(params));
+  const sqsQueueUrl = result.QueueUrl;
+
+  // Wait for the queue to be available:
+  let waited = 0;
+  let ok = false;
+  while (waited < 120 * 1000) {
+    try {
+      const results = await sqs.send(
+        new ListQueuesCommand({ QueueNamePrefix: queueName })
+      );
+      if (results.QueueUrls && results.QueueUrls.length === 1) {
+        debug('SQS queue created:', queueName);
+        ok = true;
+        break;
+      } else {
+        await sleep(10 * 1000);
+        waited += 10 * 1000;
+      }
+    } catch (_err) {
+      await sleep(10 * 1000);
+      waited += 10 * 1000;
+    }
+  }
+
+  if (!ok) {
+    debug('Time out waiting for SQS queue:', queueName);
+    throw new Error('SQS queue could not be created');
+  }
+
+  return sqsQueueUrl;
+}
+
+module.exports = createSQSQueue;

package/lib/platform/aws/aws-ensure-s3-bucket-exists.js

@@ -0,0 +1,78 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const debug = require('debug')('util:aws:ensureS3BucketExists');
+
+const {
+  S3Client,
+  PutBucketLifecycleConfigurationCommand,
+  CreateBucketCommand,
+  NoSuchBucket
+} = require('@aws-sdk/client-s3');
+
+const getAWSAccountId = require('./aws-get-account-id');
+const createS3Client = require('../aws-ecs/legacy/create-s3-client');
+const { S3_BUCKET_NAME_PREFIX } = require('./constants');
+const { getBucketRegion } = require('./aws-get-bucket-region');
+
+const setBucketLifecyclePolicy = async (
+  bucketName,
+  lifecycleConfigurationRules,
+  region
+) => {
+  const s3 = createS3Client({ region });
+  const params = {
+    Bucket: bucketName,
+    LifecycleConfiguration: {
+      Rules: lifecycleConfigurationRules
+    }
+  };
+  try {
+    await s3.send(new PutBucketLifecycleConfigurationCommand(params));
+  } catch (err) {
+    debug('Error setting lifecycle policy');
+    debug(err);
+  }
+};
+
+// Create an S3 bucket in the given region if it doesn't already exist.
+// By default, the bucket will be created without specifying a specific region.
+// Sometimes we need to use region-specific buckets, e.g. when
+// creating Lambda functions from a zip file in S3 the region of the
+// Lambda and the region of the S3 bucket must match.
+module.exports = async function ensureS3BucketExists(
+  region,
+  lifecycleConfigurationRules = [],
+  withRegionSpecificName = false
+) {
+  const accountId = await getAWSAccountId();
+  let bucketName = `${S3_BUCKET_NAME_PREFIX}-${accountId}`;
+  if (withRegionSpecificName) {
+    bucketName = `${S3_BUCKET_NAME_PREFIX}-${accountId}-${region}`;
+  }
+
+  const s3 = new S3Client({ region });
+
+  let location;
+  try {
+    location = await getBucketRegion(bucketName);
+  } catch (err) {
+    if (err instanceof NoSuchBucket) {
+      await s3.send(new CreateBucketCommand({ Bucket: bucketName }));
+    } else {
+      throw err;
+    }
+  }
+
+  if (lifecycleConfigurationRules.length > 0) {
+    await setBucketLifecyclePolicy(
+      bucketName,
+      lifecycleConfigurationRules,
+      location
+    );
+  }
+
+  debug(bucketName);
+  return bucketName;
+};

package/lib/platform/aws/aws-get-account-id.js

@@ -0,0 +1,26 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const debug = require('debug')('util:aws:getAccountId');
+const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');
+
+module.exports = async function getAccountId(stsOpts = {}) {
+  if (!stsOpts.region) {
+    stsOpts.region = global.artillery.awsRegion || 'us-east-1';
+  }
+
+  if (process.env.ARTILLERY_STS_OPTS) {
+    stsOpts = Object.assign(
+      stsOpts,
+      JSON.parse(process.env.ARTILLERY_STS_OPTS)
+    );
+  }
+
+  const sts = new STSClient(stsOpts);
+  const result = await sts.send(new GetCallerIdentityCommand({}));
+  const awsAccountId = result.Account;
+
+  debug(awsAccountId);
+  return awsAccountId;
+};

package/lib/platform/aws/aws-get-bucket-region.js

@@ -0,0 +1,18 @@
+const { S3Client, GetBucketLocationCommand } = require('@aws-sdk/client-s3');
+
+async function getBucketRegion(bucketName) {
+  const c = new S3Client({ region: global.artillery.awsRegion || 'us-east-1' });
+  const command = new GetBucketLocationCommand({
+    Bucket: bucketName
+  });
+
+  const response = await c.send(command);
+
+  // Buckets is us-east-1 have a LocationConstraint of null
+  const location = response.LocationConstraint || 'us-east-1';
+  return location;
+}
+
+module.exports = {
+  getBucketRegion
+};

package/lib/platform/aws/aws-get-credentials.js

@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const debug = require('debug')('util:aws:getSSOCredentials');
+const { fromSSO } = require('@aws-sdk/credential-providers');
+
+module.exports = getSSOCredentials;
+
+// If SSO is in use and we can acquire fresh credentials, return [true, credentials object]
+// If SSO is in use, but the session is stale, we return [true, {}]
+// If SSO is not in use we return [false, null]
+
+async function getSSOCredentials() {
+  debug('Trying AWS SSO');
+  try {
+    const credentials = await fromSSO()();
+    return [true, credentials];
+  } catch (err) {
+    debug(err);
+
+    if (/SSO.+expired/.test(err.message)) {
+      return [true, null];
+    } else {
+      return [false, null];
+    }
+  }
+}

package/lib/platform/aws/aws-get-default-region.js

@@ -0,0 +1,26 @@
+const { loadConfig } = require('@smithy/node-config-provider');
+const {
+  NODE_REGION_CONFIG_FILE_OPTIONS,
+  NODE_REGION_CONFIG_OPTIONS
+} = require('@smithy/config-resolver');
+const debug = require('debug')('util:aws:get-default-region');
+
+let defaultRegionAlreadyChecked = false;
+let currentDefaultRegion = null;
+
+module.exports = async function getDefaultRegion() {
+  if (!defaultRegionAlreadyChecked) {
+    try {
+      currentDefaultRegion = await loadConfig(
+        NODE_REGION_CONFIG_OPTIONS,
+        NODE_REGION_CONFIG_FILE_OPTIONS
+      )();
+    } catch (err) {
+      debug('default region check:', err);
+    } finally {
+      defaultRegionAlreadyChecked = true;
+    }
+  }
+
+  return currentDefaultRegion;
+};

package/lib/platform/aws/aws-whoami.js

@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');
+
+module.exports = async function whoami() {
+  const sts = new STSClient();
+  try {
+    const response = await sts.send(new GetCallerIdentityCommand({}));
+    return response;
+  } catch (stsErr) {
+    return stsErr;
+  }
+};

package/lib/platform/aws/constants.js

@@ -0,0 +1,7 @@
+module.exports = {
+  SQS_QUEUES_NAME_PREFIX: 'artilleryio_test_metrics',
+  S3_BUCKET_NAME_PREFIX: 'artilleryio-test-data',
+  ECS_WORKER_ROLE_NAME: 'artilleryio-ecs-worker-role',
+
+  ARTILLERY_CLUSTER_NAME: 'artilleryio-cluster'
+};

package/lib/platform/aws/iam-cf-templates/aws-iam-fargate-cf-template.yml

@@ -0,0 +1,219 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Template to create an IAM Role with an attached policy that provides all necessary permissions for Artillery.io to run distributed tests on AWS Fargate.
+  By default the IAM role is configured to trust your AWS account, meaning it will allow any IAM User, Role or service from your account to assume it. You can restrict the role to allow only by a specific IAM user or role to assume it by filling out the appropriate parameter value below."
+
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: "Restrict to specific IAM User (optional)"
+        Parameters:
+          - User
+      - Label:
+          default: "Restrict to specific IAM Role (optional)"
+        Parameters:
+          - Role
+    ParameterLabels:
+      User:
+        default: "IAM user name or ARN"
+      Role:
+        default: "IAM role name or ARN"
+
+Parameters:
+
+  User:
+    Type: String
+    Default: ""
+    Description: Use when you want to allow the created role to be assumed only by a specific IAM user (by default any user, role or service from your account will be allowed to assume it). Provide the user name or ARN.
+
+  Role:
+    Type: String
+    Default: ""
+    Description: Use when you want to allow the created role to be assumed only by a specific IAM role (by default any user, role or service from your account will be allowed to assume it). Provide the role name or ARN.
+
+Conditions:
+  ShouldTrustAccount:
+    !And 
+      - !Equals [!Ref User, ""]
+      - !Equals [!Ref Role, ""]
+  ShouldTrustUser:
+      !Not [!Equals [!Ref User, ""]]
+  IsUserArn:
+      !Equals [!Select [0, !Split [":", !Ref User]], "arn"]
+  ShouldTrustRole:
+      !Not [!Equals [!Ref Role, ""]]
+  IsRoleArn:
+      !Equals [!Select [0, !Split [":", !Ref Role]], "arn"]
+
+
+Resources:
+  ArtilleryDistributedTestingFargateRole:
+    Type: "AWS::IAM::Role"
+    Properties:
+      RoleName: "ArtilleryDistributedTestingFargateRole"
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: "Allow"
+            Principal:
+              AWS: [
+                !If [ShouldTrustAccount, !Ref "AWS::AccountId", !Ref "AWS::NoValue"],
+                !If [ShouldTrustUser, !If [IsUserArn, !Ref User, !Sub "arn:aws:iam::${AWS::AccountId}:user/${User}"], !Ref "AWS::NoValue"],
+                !If [ShouldTrustRole, !If [IsRoleArn, !Ref Role, !Sub "arn:aws:iam::${AWS::AccountId}:role/${Role}"], !Ref "AWS::NoValue"]
+              ]
+            Action: [
+              "sts:AssumeRole"
+            ]
+            
+      Path: "/"
+      Policies:
+        - PolicyName: "ArtilleryDistributedTestingFargatePolicy"
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Sid: "CreateOrGetECSRole"
+                Effect: "Allow"
+                Action:
+                  - "iam:CreateRole"
+                  - "iam:GetRole"
+                  - "iam:AttachRolePolicy"
+                  - "iam:PassRole"
+                Resource:
+                  Fn::Sub: "arn:aws:iam::${AWS::AccountId}:role/artilleryio-ecs-worker-role"
+              - Sid: "CreateECSPolicy"
+                Effect: "Allow"
+                Action:
+                  - "iam:CreatePolicy"
+                Resource:
+                  Fn::Sub: "arn:aws:iam::${AWS::AccountId}:policy/artilleryio-ecs-worker-policy"
+              - Effect: "Allow"
+                Action:
+                  - "iam:CreateServiceLinkedRole"
+                Resource:
+                  - "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS*"
+                Condition:
+                  StringLike:
+                    iam:AWSServiceName: "ecs.amazonaws.com"
+              - Effect: "Allow"
+                Action:
+                  - "iam:PassRole"
+                Resource:
+                  - Fn::Sub: "arn:aws:iam::${AWS::AccountId}:role/artilleryio-ecs-worker-role"
+              - Sid: "SQSPermissions"
+                Effect: "Allow"
+                Action:
+                  - "sqs:*"
+                Resource:
+                  Fn::Sub: "arn:aws:sqs:*:${AWS::AccountId}:artilleryio*"
+              - Sid: "SQSListQueues"
+                Effect: "Allow"
+                Action:
+                  - "sqs:ListQueues"
+                Resource: "*"
+              - Sid: "ECSPermissionsGeneral"
+                Effect: "Allow"
+                Action:
+                  - "ecs:ListClusters"
+                  - "ecs:CreateCluster"
+                  - "ecs:RegisterTaskDefinition"
+                  - "ecs:DeregisterTaskDefinition"
+                Resource: "*"
+              - Sid: "ECSPermissionsScopedToCluster"
+                Effect: "Allow"
+                Action:
+                  - "ecs:DescribeClusters"
+                  - "ecs:ListContainerInstances"
+                Resource:
+                  Fn::Sub: "arn:aws:ecs:*:${AWS::AccountId}:cluster/*"
+              - Sid: "ECSPermissionsScopedWithCondition"
+                Effect: "Allow"
+                Action:
+                  - "ecs:SubmitTaskStateChange"
+                  - "ecs:DescribeTasks"
+                  - "ecs:ListTasks"
+                  - "ecs:ListTaskDefinitions"
+                  - "ecs:DescribeTaskDefinition"
+                  - "ecs:StartTask"
+                  - "ecs:StopTask"
+                  - "ecs:RunTask"
+                Condition:
+                  ArnEquals:
+                    ecs:cluster:
+                      Fn::Sub: "arn:aws:ecs:*:${AWS::AccountId}:cluster/*"
+                Resource: "*"
+              - Sid: "S3Permissions"
+                Effect: "Allow"
+                Action:
+                  - "s3:CreateBucket"
+                  - "s3:DeleteObject"
+                  - "s3:GetObject"
+                  - "s3:GetObjectAcl"
+                  - "s3:GetObjectTagging"
+                  - "s3:GetObjectVersion"
+                  - "s3:PutObject"
+                  - "s3:PutObjectAcl"
+                  - "s3:ListBucket"
+                  - "s3:GetBucketLocation"
+                  - "s3:GetBucketLogging"
+                  - "s3:GetBucketPolicy"
+                  - "s3:GetBucketTagging"
+                  - "s3:PutBucketPolicy"
+                  - "s3:PutBucketTagging"
+                  - "s3:PutMetricsConfiguration"
+                  - "s3:GetLifecycleConfiguration"
+                  - "s3:PutLifecycleConfiguration"
+                Resource:
+                  - "arn:aws:s3:::artilleryio-test-data-*"
+                  - "arn:aws:s3:::artilleryio-test-data-*/*"
+              - Sid: "LogsPermissions"
+                Effect: "Allow"
+                Action:
+                  - "logs:PutRetentionPolicy"
+                Resource:
+                  - Fn::Sub: "arn:aws:logs:*:${AWS::AccountId}:log-group:artilleryio-log-group/*"
+              - Effect: "Allow"
+                Action:
+                  - "secretsmanager:GetSecretValue"
+                Resource:
+                  - Fn::Sub: "arn:aws:secretsmanager:*:${AWS::AccountId}:secret:artilleryio/*"
+              - Effect: "Allow"
+                Action:
+                  - "ssm:PutParameter"
+                  - "ssm:GetParameter"
+                  - "ssm:GetParameters"
+                  - "ssm:DeleteParameter"
+                  - "ssm:DescribeParameters"
+                  - "ssm:GetParametersByPath"
+                Resource:
+                  - Fn::Sub: "arn:aws:ssm:us-east-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:us-east-2:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:us-west-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:us-west-2:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:ca-central-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:eu-west-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:eu-west-2:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:eu-west-3:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:eu-central-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:eu-north-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:ap-south-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:ap-east-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:ap-northeast-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:ap-northeast-2:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:ap-southeast-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:ap-southeast-2:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:me-south-1:${AWS::AccountId}:parameter/artilleryio/*"
+                  - Fn::Sub: "arn:aws:ssm:sa-east-1:${AWS::AccountId}:parameter/artilleryio/*"
+              - Effect: "Allow"
+                Action:
+                  - "ec2:DescribeRouteTables"
+                  - "ec2:DescribeVpcs"
+                  - "ec2:DescribeSubnets"
+                Resource: "*"
+
+Outputs:
+  RoleArn:
+    Description: "ARN of the created IAM Role"
+    Value:
+      Fn::GetAtt:
+        - "ArtilleryDistributedTestingFargateRole"
+        - "Arn"

package/lib/platform/aws/iam-cf-templates/aws-iam-lambda-cf-template.yml

@@ -0,0 +1,125 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Template to create an IAM Role with an attached policy that provides all necessary permissions for Artillery.io to run distributed tests on AWS Lambda. By default the IAM role is configured to trust your AWS account, meaning it will allow any AWS principal (e.g. IAM User, IAM Role) to assume it. You can restrict the role to allow only by a specific IAM user or role to assume it by filling out the appropriate parameter value below.
+
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: "Restrict to specific IAM User (optional)"
+        Parameters:
+          - User
+      - Label:
+          default: "Restrict to specific IAM Role (optional)"
+        Parameters:
+          - Role
+    ParameterLabels:
+      User:
+        default: "IAM user name or ARN"
+      Role:
+        default: "IAM role name or ARN"
+
+Parameters:
+
+  User:
+    Type: String
+    Default: ""
+    Description: Use when you want to allow the created role to be assumed only by a specific IAM user (by default any user, role or service from your account will be allowed to assume it). Provide the user name or ARN.
+
+  Role:
+    Type: String
+    Default: ""
+    Description: Use when you want to allow the created role to be assumed only by a specific IAM role (by default any user, role or service from your account will be allowed to assume it). Provide the role name or ARN.
+
+Conditions:
+  ShouldTrustAccount:
+    !And 
+      - !Equals [!Ref User, ""]
+      - !Equals [!Ref Role, ""]
+  ShouldTrustUser:
+      !Not [!Equals [!Ref User, ""]]
+  IsUserArn:
+      !Equals [!Select [0, !Split [":", !Ref User]], "arn"]
+  ShouldTrustRole:
+      !Not [!Equals [!Ref Role, ""]]
+  IsRoleArn:
+      !Equals [!Select [0, !Split [":", !Ref Role]], "arn"]
+
+
+
+Resources:
+  ArtilleryDistributedTestingLambdaRole:
+    Type: "AWS::IAM::Role"
+    Properties:
+      RoleName: "ArtilleryDistributedTestingLambdaRole"
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: "Allow"
+            Principal:
+              AWS: [
+                !If [ShouldTrustAccount, !Ref "AWS::AccountId", !Ref "AWS::NoValue"],
+                !If [ShouldTrustUser, !If [IsUserArn, !Ref User, !Sub "arn:aws:iam::${AWS::AccountId}:user/${User}"], !Ref "AWS::NoValue"],
+                !If [ShouldTrustRole, !If [IsRoleArn, !Ref Role, !Sub "arn:aws:iam::${AWS::AccountId}:role/${Role}"], !Ref "AWS::NoValue"]
+              ]
+            Action: ["sts:AssumeRole"]
+            
+      Path: "/"
+      Policies:
+        - PolicyName: ArtilleryDistributedTestingLambdaPolicy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Sid: CreateOrGetLambdaRole
+                Effect: Allow
+                Action:
+                  - iam:CreateRole
+                  - iam:GetRole
+                  - iam:PassRole
+                  - iam:AttachRolePolicy
+                Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/artilleryio-default-lambda-role-*"
+              - Sid: CreateLambdaPolicy
+                Effect: Allow
+                Action:
+                  - iam:CreatePolicy
+                Resource: !Sub "arn:aws:iam::${AWS::AccountId}:policy/artilleryio-lambda-policy-*"
+              - Sid: SQSPermissions
+                Effect: Allow
+                Action:
+                  - sqs:*
+                Resource: !Sub "arn:aws:sqs:*:${AWS::AccountId}:artilleryio*"
+              - Sid: SQSListQueues
+                Effect: Allow
+                Action:
+                  - sqs:ListQueues
+                Resource: "*"
+              - Sid: LambdaPermissions
+                Effect: Allow
+                Action:
+                  - lambda:InvokeFunction
+                  - lambda:CreateFunction
+                  - lambda:DeleteFunction
+                  - lambda:GetFunctionConfiguration
+                Resource: !Sub "arn:aws:lambda:*:${AWS::AccountId}:function:artilleryio-*"
+              - Sid: EcrPullImagePermissions
+                Effect: Allow
+                Action:
+                  - ecr:GetDownloadUrlForLayer
+                  - ecr:BatchGetImage
+                Resource: "arn:aws:ecr:*:248481025674:repository/artillery-worker"
+              - Sid: S3Permissions
+                Effect: Allow
+                Action:
+                  - s3:CreateBucket
+                  - s3:DeleteObject
+                  - s3:GetObject
+                  - s3:PutObject
+                  - s3:ListBucket
+                  - s3:GetLifecycleConfiguration
+                  - s3:PutLifecycleConfiguration
+                Resource:
+                  - !Sub "arn:aws:s3:::artilleryio-test-data-*"
+                  - !Sub "arn:aws:s3:::artilleryio-test-data-*/*"
+Outputs:
+  RoleArn:
+    Description: ARN of the IAM Role for Artillery.io Lambda functions
+    Value: !GetAtt ArtilleryDistributedTestingLambdaRole.Arn