Skip to content

fix(sqs): remove 'Batch' permissions #2806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 11, 2019
Merged

fix(sqs): remove 'Batch' permissions #2806

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -75,4 +74,4 @@
}
}
}
}
}
3 changes: 0 additions & 3 deletions packages/@aws-cdk/aws-events-targets/test/sqs/sqs.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ test('sns topic as an event rule target', () => {
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -86,7 +85,6 @@ test('multiple uses of a queue as a target results in multi policy statement bec
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand All @@ -112,7 +110,6 @@ test('multiple uses of a queue as a target results in multi policy statement bec
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down
2 changes: 0 additions & 2 deletions packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,8 @@
"Action": [
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:ChangeMessageVisibilityBatch",
"sqs:GetQueueUrl",
"sqs:DeleteMessage",
"sqs:DeleteMessageBatch",
"sqs:GetQueueAttributes"
],
"Effect": "Allow",
Expand Down
2 changes: 0 additions & 2 deletions packages/@aws-cdk/aws-lambda-event-sources/test/test.sqs.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,8 @@ export = {
"Action": [
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:ChangeMessageVisibilityBatch",
"sqs:GetQueueUrl",
"sqs:DeleteMessage",
"sqs:DeleteMessageBatch",
"sqs:GetQueueAttributes"
],
"Effect": "Allow",
Expand Down
1 change: 0 additions & 1 deletion packages/@aws-cdk/aws-s3-notifications/test/queue.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ test('queues can be used as destinations', () => {
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down
5 changes: 1 addition & 4 deletions packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -99,7 +98,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -390,7 +388,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -436,4 +433,4 @@
}
}
}
}
}
9 changes: 0 additions & 9 deletions packages/@aws-cdk/aws-sqs/lib/queue-base.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,8 @@ export interface IQueue extends IResource {
* This will grant the following permissions:
*
* - sqs:ChangeMessageVisibility
* - sqs:ChangeMessageVisibilityBatch
* - sqs:DeleteMessage
* - sqs:ReceiveMessage
* - sqs:DeleteMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand All @@ -59,7 +57,6 @@ export interface IQueue extends IResource {
* This will grant the following permissions:
*
* - sqs:SendMessage
* - sqs:SendMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand Down Expand Up @@ -147,10 +144,8 @@ export abstract class QueueBase extends Resource implements IQueue {
* This will grant the following permissions:
*
* - sqs:ChangeMessageVisibility
* - sqs:ChangeMessageVisibilityBatch
* - sqs:DeleteMessage
* - sqs:ReceiveMessage
* - sqs:DeleteMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand All @@ -160,10 +155,8 @@ export abstract class QueueBase extends Resource implements IQueue {
const ret = this.grant(grantee,
'sqs:ReceiveMessage',
'sqs:ChangeMessageVisibility',
'sqs:ChangeMessageVisibilityBatch',
'sqs:GetQueueUrl',
'sqs:DeleteMessage',
'sqs:DeleteMessageBatch',
'sqs:GetQueueAttributes');

if (this.encryptionMasterKey) {
Expand All @@ -179,7 +172,6 @@ export abstract class QueueBase extends Resource implements IQueue {
* This will grant the following permissions:
*
* - sqs:SendMessage
* - sqs:SendMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand All @@ -188,7 +180,6 @@ export abstract class QueueBase extends Resource implements IQueue {
public grantSendMessages(grantee: iam.IGrantable) {
const ret = this.grant(grantee,
'sqs:SendMessage',
'sqs:SendMessageBatch',
'sqs:GetQueueAttributes',
'sqs:GetQueueUrl');

Expand Down
4 changes: 0 additions & 4 deletions packages/@aws-cdk/aws-sqs/test/test.sqs.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,10 +112,8 @@ export = {
testGrant((q, p) => q.grantConsumeMessages(p),
'sqs:ReceiveMessage',
'sqs:ChangeMessageVisibility',
'sqs:ChangeMessageVisibilityBatch',
'sqs:GetQueueUrl',
'sqs:DeleteMessage',
'sqs:DeleteMessageBatch',
'sqs:GetQueueAttributes',
);
test.done();
Expand All @@ -124,7 +122,6 @@ export = {
'grantSendMessages'(test: Test) {
testGrant((q, p) => q.grantSendMessages(p),
'sqs:SendMessage',
'sqs:SendMessageBatch',
'sqs:GetQueueAttributes',
'sqs:GetQueueUrl',
);
Expand Down Expand Up @@ -250,7 +247,6 @@ export = {
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down