Fix inline policy
Rashair committed Jun 15, 2020
1 parent 90c6a50 commit 1067d8a
Showing 1 changed file with 19 additions and 28 deletions.
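--- a/serverless-template.yml
+++ b/serverless-template.yml
@@ -32,9 +32,25 @@
 "Role": null,
 "Policies": [
 "AWSLambdaFullAccess",
-"AmazonS3FullAccess",
-{"Ref": "DecryptAwsSecretPolicy"},
-"AmazonRDSFullAccess"
+"AmazonS3FullAccess", {
+"Version": "2012-10-17",
+"Statement": [{
+"Effect": "Allow",
+"Action": [
+"secretsmanager:GetSecretValue",
+"kms:Decrypt"
+],
+"Resource": [
+"arn:aws:secretsmanager:*:*:secret:*",
+"arn:aws:kms:*:*:key/*",
+]
+}, {
+"Effect": "Allow",
+"Action": "kms:ListKeys",
+"Resource": "*"
+}
+]
+}
 ],
 "Environment": {
 "Variables": {
@@ -66,31 +82,6 @@
 },
 "DependsOn": "SecretRDSInstanceAttachment"
 },
-"DecryptAwsSecretPolicy": {
-"Type": "AWS::IAM::Policy",
-"Properties": {
-"PolicyDocument": {
-"Version": "2012-10-17",
-"Statement": [{
-"Effect": "Allow",
-"Action": [
-"secretsmanager:GetSecretValue",
-"kms:Decrypt"
-],
-"Resource": [
-"arn:aws:secretsmanager:*:*:secret:*",
-"*"
-]
-}, {
-"Effect": "Allow",
-"Action": "kms:ListKeys",
-"Resource": "*"
-}
-]
-},
-"PolicyName": "DecryptSecretPolicy",
-}
-},
 "s3staticcontenthrpotter": {
 "Type": "AWS::S3::Bucket",
 "Properties": {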
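Review bot: The inline statement added to the function's `Policies` list still lets the function read every secret and decrypt with every KMS key in any account and region, because its `Resource` entries are `arn:aws:secretsmanager:*:*:secret:*` and `arn:aws:kms:*:*:key/*`. Narrowing the first to the one secret the function reads, e.g. `"Resource": {"Ref": "<SecretLogicalId>"}` (placeholder for the template's secret resource), and the second to the key that encrypts it would bound what a compromised function can reach. The same hunk also drops `"AmazonRDSFullAccess"` from the list, which the commit title does not mention, so it is worth confirming that removal is intended. The trailing comma after `"arn:aws:kms:*:*:key/*"` is tolerated by a YAML parser but would be rejected if this template is ever read as strict JSON.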
