diff --git a/services/admin/serverless.yml b/services/admin/serverless.yml
index b68e261e3..ae68fa634 100644
--- a/services/admin/serverless.yml
+++ b/services/admin/serverless.yml
@@ -27,7 +27,6 @@ provider:
 path: ${ssm:/configuration/${self:custom.stage}/iam/path, ssm:/configuration/default/iam/path, "/"}
 permissionsBoundary: !Sub arn:aws:iam::${AWS::AccountId}:policy${self:custom.iamPermissionsBoundaryPolicy}
 statements:
- # Allow DynamoDB access (example permissions)
 - Effect: Allow
 Action:
 - dynamodb:Query
@@ -40,14 +39,6 @@ provider:
 - arn:aws:dynamodb:*:*:table/onemac-develop-one
 - arn:aws:dynamodb:*:*:table/${self:custom.oneMacTableName}
 - arn:aws:dynamodb:*:*:table/${self:custom.oneMacTableName}/index/*
-
- # Allow CreateRole and TagResource actions
- - Effect: Allow
- Action:
- - iam:CreateRole
- - iam:TagResource
- - iam:PassRole
- Resource: "*"
 environment:
 NODE_OPTIONS: '--enable-source-maps'
@@ -64,6 +55,7 @@ functions:
 - cognitoUserPool:
 pool: ${self:custom.stage}-user-pool # Ensure this resolves correctly
 trigger: PreTokenGeneration
+ existing: true
 resetData:
 handler: ./handlers/resetData.main
@@ -104,25 +96,3 @@ functions:
 handler: ./handlers/insertNotification.main
 timeout: 180
-resources:
- Resources:
- IamRoleCustomResourcesLambdaExecution:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Version: "2012-10-17"
- Statement:
- - Effect: Allow
- Action: sts:AssumeRole
- Principal:
- Service: lambda.amazonaws.com
- Policies:
- - PolicyName: CustomResourcePolicy
- PolicyDocument:
- Version: "2012-10-17"
- Statement:
- - Effect: Allow
- Action:
- - iam:CreateRole
- - iam:TagResource
- Resource: "*"
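Review bot: The added `existing: true` on the `cognitoUserPool` event (hunk `@@ -64,6 +55,7 @@`) carries no comment saying which stack owns `${self:custom.stage}-user-pool`, and the same commit deletes the explicit `IamRoleCustomResourcesLambdaExecution` resource in the last hunk. With `existing: true` the Serverless Framework attaches the trigger through its own custom-resource Lambda and generates that role itself, so please confirm in the packaged CloudFormation template that the generated role still carries the `path` and `permissionsBoundary` set under `provider` in the first hunk; the diff alone does not show this. A PreTokenGeneration trigger can change token claims, so I would add a line above the flag such as `# Pool is owned by <owning stack>; existing: true only attaches the trigger` and check after deploy that the pool's other settings (MFA, password policy) are unchanged. The function this event belongs to starts outside the hunk.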