Added missing 'glue:DeleteResourcePolicy' to pivotRole in YAML and CDK (

#334) ### Feature or Bugfix - Bugfix ### Detail - Added 'glue:DeleteResourcePolicy' in PivotRole stack (CloudFormation YAML and CDK) ### Relates - #317 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
data-dot-all · Mar 6, 2023 · dd5baf9 · dd5baf9
1 parent 6abb70a
commit dd5baf9
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/deploy/pivot_role/pivotRole.yaml b/deploy/pivot_role/pivotRole.yaml
@@ -403,6 +403,7 @@ Resources:
             Effect: Allow
             Action:
               - 'glue:PutResourcePolicy'
+              - 'glue:DeleteResourcePolicy'
               - 'ram:Get*'
               - 'ram:List*'
             Resource: '*'

diff --git a/deploy/pivot_role/pivotRoleCDK/dataall_base_infra.py b/deploy/pivot_role/pivotRoleCDK/dataall_base_infra.py
@@ -492,6 +492,7 @@ def _create_dataall_policy1(self, env_resource_prefix: str) -> iam.ManagedPolicy
                                          sid="RamRead", effect=iam.Effect.ALLOW,
                                          actions=[
                                              "glue:PutResourcePolicy",
+                                             "glue:DeleteResourcePolicy",
                                              "ram:Get*",
                                              "ram:List*"
                                          ],