fix permissions in lambda policy
guyrenny committed Nov 13, 2024
1 parent a66530c commit d4625ff
Showing 1 changed file with 23 additions and 1 deletion.
24 changes: 23 additions & 1 deletion template.yaml
Expand Up @@ -619,7 +619,12 @@ Resources:
- IsPrivateLink
- Effect: Allow
Action:
- "EC2:CreateNetworkInterface"
- 'ec2:CreateNetworkInterface'
- 'ec2:DescribeNetworkInterfaces'
- 'ec2:DescribeVpcs'
- 'ec2:DeleteNetworkInterface'
- 'ec2:DescribeSubnets'
- 'ec2:DescribeSecurityGroups'
Resource: "*"
- !Ref AWS::NoValue
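Review bot: `Resource: "*"` on this statement covers `ec2:CreateNetworkInterface` and `ec2:DeleteNetworkInterface` as well as the Describe calls, so whenever IsPrivateLink is true the role can create and delete network interfaces anywhere in the account. The `ec2:Describe*` actions only accept `"*"`, but the create/delete pair could sit in its own statement with a narrower resource or a condition. Either way, a comment above the statement saying why the function needs these actions would explain the wildcard to the next reader.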

Expand Down Expand Up @@ -701,6 +706,19 @@ Resources:
Resource: !Ref MSKClusterArn
- !Ref AWS::NoValue

- !If
- UseMSK
- Effect: Allow
Action:
- 'ec2:CreateNetworkInterface'
- 'ec2:DescribeNetworkInterfaces'
- 'ec2:DescribeVpcs'
- 'ec2:DeleteNetworkInterface'
- 'ec2:DescribeSubnets'
- 'ec2:DescribeSecurityGroups'
Resource: "*"
- !Ref AWS::NoValue

# Secrets Manager Access
- !If
- ApiKeyIsArn
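Review bot: the six `ec2:` actions under `UseMSK` are a verbatim copy of the list in the IsPrivateLink statement earlier in this file, so the two lists can drift apart and a stack with both conditions true gets the same statement twice. Suggest one statement gated by a single condition that is true when either IsPrivateLink or UseMSK holds (an `Fn::Or` in the Conditions section), with the reason for `Resource: "*"` documented once.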
Expand Down Expand Up @@ -733,10 +751,13 @@ Resources:
Action:
- 'sqs:SendMessage'
- 'sqs:GetQueueAttributes'
- 'sqs:GetQueueUrl'
- 'sqs:ReceiveMessage'
- 'sqs:DeleteMessage'
Resource: !GetAtt DeadLetterQueue.Arn
- !Ref AWS::NoValue
- !If
- DLQEnabled
- Effect: Allow
Action:
- 's3:PutObject'
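Review bot: the statement on `!GetAtt DeadLetterQueue.Arn` allows `sqs:ReceiveMessage` and `sqs:DeleteMessage` next to `sqs:SendMessage`. If the function only writes failed events to the queue, `sqs:SendMessage` (plus the attribute and URL lookups if the code uses them) is enough and the consume-side actions should be dropped; if it also reads the queue back, say so in a comment above the statement.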
Expand All @@ -748,6 +769,7 @@ Resources:
Resource:
- !Sub arn:aws:s3:::${DLQS3Bucket}
- !Sub arn:aws:s3:::${DLQS3Bucket}/*
- !Ref AWS::NoValue

WaitAfterRoleUpdate:
Type: Custom::Waiter
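Review bot: the S3 statement closed by this `- !Ref AWS::NoValue` is gated on DLQEnabled, but both of its resources are built from `${DLQS3Bucket}`. If that parameter can be left empty while DLQEnabled is true, the policy renders `arn:aws:s3:::` and `arn:aws:s3:::/*`; consider gating the statement on a condition that tests the bucket parameter itself, or document that the parameter is required whenever the DLQ is enabled.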