feat: updated policy.json (#241)

feat: Updating policy as per least privileged policy & rectify ruby example app
newrelic · Dec 4, 2024 · 9e35bc1 · 9e35bc1
1 parent 3c9ac93
commit 9e35bc1
Show file tree

Hide file tree

Showing 11 changed files with 352 additions and 54 deletions.
diff --git a/examples/terraform/lambda/main.tf b/examples/terraform/lambda/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.8"
+      version = "~> 5.78.0"
     }
   }
 }

diff --git a/examples/terraform/nodejs/.terraform.lock.hcl b/examples/terraform/nodejs/.terraform.lock.hcl
diff --git a/examples/terraform/nodejs/lambda-policy.json b/examples/terraform/nodejs/lambda-policy.json
@@ -2,16 +2,29 @@
   "Version": "2012-10-17",
   "Statement": [
     {
-      "Sid": "",
-      "Action": "logs:*",
       "Effect": "Allow",
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents"
+      ],
+      "Resource": [
+        "arn:aws:logs:us-east-1:<aws-account-id>:log-group:/aws/lambda/newrelic-terraform-example-nodejs:*"
+      ]
       "Resource": "*"
     },
     {
       "Sid": "",
       "Action": "s3:*",
       "Effect": "Allow",
-      "Resource": "*"
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents"
+      ],
+      "Resource": [
+        "arn:aws:logs:us-east-1:<aws-account-id>:log-group:/aws/lambda/newrelic-terraform-example-nodejs:*"
+      ]
     }
   ]
-}
+}
diff --git a/examples/terraform/nodejs/main.tf b/examples/terraform/nodejs/main.tf
@@ -4,8 +4,8 @@ module "nodejs_test_function" {
   lambda_function_handler = "app.lambdaHandler"
   wrapper_handler = "newrelic-lambda-wrapper.handler"
   lambda_function_name = "newrelic-terraform-example-nodejs"
-  lambda_runtime = "nodejs14.x"
+  lambda_runtime = "nodejs20.x"
   lambda_zip_filename = "function.zip"
   newrelic_account_id = var.newrelic_account_id
-  newrelic_layer = "arn:aws:lambda:${var.aws_region}:451483290750:layer:NewRelicNodeJS14X:44"
-}
+  newrelic_layer = "arn:aws:lambda:${var.aws_region}:451483290750:layer:NewRelicNodeJS20X:44"
+}
diff --git a/examples/terraform/python/.terraform.lock.hcl b/examples/terraform/python/.terraform.lock.hcl
diff --git a/examples/terraform/python/lambda-policy.json b/examples/terraform/python/lambda-policy.json
@@ -2,16 +2,21 @@
   "Version": "2012-10-17",
   "Statement": [
     {
-      "Sid": "",
-      "Action": "logs:*",
       "Effect": "Allow",
       "Resource": "*"
     },
     {
       "Sid": "",
       "Action": "s3:*",
       "Effect": "Allow",
-      "Resource": "*"
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents"
+      ],
+      "Resource": [
+        "arn:aws:logs:us-east-1:<aws-account-id>:log-group:/aws/lambda/newrelic-terraform-example-nodejs:*"
+      ]
     }
   ]
-}
+}