Skip to content

Commit

Permalink
Limit adf-state-machine-role to what is needed (#657)
Browse files Browse the repository at this point in the history
  • Loading branch information
faridnsh authored Oct 30, 2023
1 parent d808737 commit cda2846
Showing 1 changed file with 4 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1199,9 +1199,6 @@ Resources:
- Effect: "Allow"
Principal:
Service:
- events.amazonaws.com
- lambda.amazonaws.com
- sns.amazonaws.com
- states.amazonaws.com
Action: "sts:AssumeRole"
Path: "/"
Expand All @@ -1214,8 +1211,10 @@ Resources:
Action:
- "lambda:InvokeFunction"
- "sns:Publish"
- "states:StartExecution"
Resource: "*"
Resource:
- !GetAtt EnableCrossAccountAccess.Arn
- !GetAtt CheckPipelineStatus.Arn
- !GetAtt PipelineSNSTopic.TopicArn

LambdaInvokePermission:
Type: AWS::Lambda::Permission
Expand Down

0 comments on commit cda2846

Please sign in to comment.