Drop superfluous IAM permissions
jacobwinch committed Jun 8, 2022
1 parent 1fa8958 commit b56b3ae
Showing 2 changed files with 0 additions and 116 deletions.
100 changes: 0 additions & 100 deletions cdk/lib/__snapshots__/mobile-save-for-later.test.ts.snap
Expand Up @@ -1318,31 +1318,6 @@ Object {
],
},
},
Object {
"Action": "ssm:GetParametersByPath",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:ssm:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":parameter/mobile-save-for-later/CODE/mobile",
],
],
},
},
Object {
"Action": "cloudwatch:putMetricData",
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"dynamodb:GetItem",
Expand Down Expand Up @@ -1571,31 +1546,6 @@ Object {
],
},
},
Object {
"Action": "ssm:GetParametersByPath",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:ssm:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":parameter/mobile-save-for-later/CODE/mobile",
],
],
},
},
Object {
"Action": "cloudwatch:putMetricData",
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"dynamodb:GetItem",
Expand Down Expand Up @@ -2945,31 +2895,6 @@ Object {
],
},
},
Object {
"Action": "ssm:GetParametersByPath",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:ssm:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":parameter/mobile-save-for-later/PROD/mobile",
],
],
},
},
Object {
"Action": "cloudwatch:putMetricData",
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"dynamodb:GetItem",
Expand Down Expand Up @@ -3198,31 +3123,6 @@ Object {
],
},
},
Object {
"Action": "ssm:GetParametersByPath",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:ssm:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":parameter/mobile-save-for-later/PROD/mobile",
],
],
},
},
Object {
"Action": "cloudwatch:putMetricData",
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"dynamodb:GetItem",
16 changes: 0 additions & 16 deletions cdk/lib/mobile-save-for-later.ts
Expand Up @@ -75,22 +75,6 @@ export class MobileSaveForLater extends GuStack {
);

[saveArticlesLambda, fetchArticlesLambda].map((lambda) => {
// permissions for the departmental standard are provided by cdk 'for free' but we cannot
// use them here because our parameter path used differs from the departmental standard
lambda.addToRolePolicy(
new PolicyStatement({
actions: ["ssm:GetParametersByPath"],
resources: [
`arn:aws:ssm:${this.region}:${this.account}:parameter/${app}/${this.stage}/${this.stack}`,
],
})
);
lambda.addToRolePolicy(
new PolicyStatement({
actions: ["cloudwatch:putMetricData"],
resources: ["*"],
})
);
lambda.addToRolePolicy(
new PolicyStatement({
actions: [