removed excess permissions

coralogix · Jul 15, 2024 · 30baef5 · 30baef5
1 parent 702a45d
commit 30baef5
Showing 1 changed file with 1 addition and 19 deletions.
diff --git a/template.yaml b/template.yaml
@@ -1015,12 +1015,6 @@ Resources:
       Runtime: python3.12
       Timeout: 900
       Policies:
-      - Statement:
-        - Sid: IAMAccess
-          Effect: Allow
-          Action:
-          - iam:*
-          Resource: '*'
       - Statement:
         - Sid: EC2Access
           Effect: Allow
@@ -1032,18 +1026,6 @@ Resources:
             - 'ec2:DescribeSubnets'
             - 'ec2:DescribeSecurityGroups'
           Resource: '*'
-      - Statement:
-        - Sid: SQSAccess
-          Effect: Allow
-          Action:
-          - sqs:*
-          Resource: '*'
-      - Statement:
-        - Sid: SNSAccess
-          Effect: Allow
-          Action:
-          - sns:*
-          Resource: '*'
       - Statement:
         - Sid: LambdaAccess
           Effect: Allow
@@ -1058,7 +1040,7 @@ Resources:
           - lambda:CreateEventSourceMapping
           - lambda:DeleteEventSourceMapping
           - lambda:UpdateEventSourceMapping
-          Resource: '*'
+          Resource: !GetAtt LambdaFunction.Arn
       - Statement:
         - Sid: S3NotificationPolicy
           Effect: Allow