Commit

modify roles
4ppsec committed Feb 17, 2019
1 parent bf0f6ee commit 1982d7b
Showing 3 changed files with 44 additions and 16 deletions.
21 changes: 11 additions & 10 deletions backend/serverless/resources/function-roles.yml
Expand Up @@ -5,7 +5,7 @@ Resources:
dvsaOrderRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}DVSAOrderRole
RoleName: DVSAOrderRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
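
Review bot: Dropping ${self:custom.stage} from RoleName in dvsaOrderRole (and, in the hunks that follow, from every other role and policy name) makes these names fixed for the whole account. IAM role names must be unique within an account, so a second stage deployed to the same account will fail when it tries to create DVSAOrderRole again. If the fixed name is only needed so that get_cart_total.py can look up "DVSACartTotalRole" by a literal, keep the stage prefix and hand the resolved role name to the function through an environment variable instead.
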
Expand All @@ -15,7 +15,7 @@ Resources:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}DVSAOrderRolePolicy
- PolicyName: DVSAOrderRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -39,7 +39,7 @@ Resources:
dvsaAdminRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}dvsaAdminRole
RoleName: DVSAAdminRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -49,7 +49,7 @@ Resources:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}dvsaAdminRolePolicy
- PolicyName: DVSAAdminRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -74,7 +74,7 @@ Resources:
dvsaCronjobsRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}dvsaCronjobsRole
RoleName: DVSACronjobsRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -84,7 +84,7 @@ Resources:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}dvsaCronjobsRolePolicy
- PolicyName: DVSACronjobsRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
Expand Down Expand Up @@ -114,17 +114,18 @@ Resources:
dvsaCreateUserRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}dvsaCreateUserRole
RoleName: DVSACreateUserRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}dvsaCreateUserRolePolicy
- PolicyName: DVSACreateUserRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
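
Review bot: The Service list under Principal in dvsaCreateUserRole now contains "- lambda.amazonaws.com" twice; the hunk grows from 17 to 18 lines and the extra line is this duplicate. It looks like an accidental paste or an indentation change that was not cleaned up. Remove the second entry so the trust policy lists the Lambda service principal once, as the other roles in this file do.
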
Expand All @@ -150,7 +151,7 @@ Resources:
dvsaUserInboxRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}dvsaUserInboxRole
RoleName: DVSAUserInboxRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -160,7 +161,7 @@ Resources:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}dvsaUserInboxRolePolicy
- PolicyName: DVSAUserInboxRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
19 changes: 19 additions & 0 deletions backend/src/functions/processing/get_cart_total.py
Expand Up @@ -51,6 +51,25 @@ def default(self, o):
}
)
except ClientError as e:
try:
cloudwatch_events = boto3.client('events')
iam = boto3.client('iam')
#get role arn
role = iam.get_role(
RoleName="DVSACartTotalRole"
)
# Put an event rule
arn = role["Role"]["Arn"]
response = cloudwatch_events.put_rule(
Name='CHECK_STOKC',
RoleArn=arn,
ScheduleExpression='rate(5 minutes)',
State='ENABLED'
)
print(response['RuleArn'])
except:
pass

print(e.response['Error']['Message'])
res = {"status": "err", "msg": "could not calculate cart"}
else:
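
Review bot: The block added inside "except ClientError as e:" performs privileged side effects on the error path: every time the cart query fails it calls iam.get_role and events.put_rule to create an ENABLED rule on a rate(5 minutes) schedule, which has nothing to do with reporting the failure to the caller. The bare "except: pass" then hides any error from those calls, so a denied or failed call leaves no trace in the logs. Define the schedule as a resource in sls.yml rather than in the handler, or at minimum catch ClientError explicitly and log it. The rule name 'CHECK_STOKC' also looks like a typo for CHECK_STOCK, and no target is attached to the rule in this hunk, so as written it would fire without invoking anything.
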
20 changes: 14 additions & 6 deletions backend/src/functions/processing/sls.yml
Expand Up @@ -91,7 +91,7 @@ resources:
dvsaCreateReceiptRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}DVSACreateReceiptRole
RoleName: DVSACreateReceiptRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -101,7 +101,7 @@ resources:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}DVSACreateReceiptRolePolicy
- PolicyName: DVSACreateReceiptRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -125,7 +125,7 @@ resources:
dvsaPaymentProcessingRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}DVSAPaymentProcessingRole
RoleName: DVSAPaymentProcessingRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -135,7 +135,7 @@ resources:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}DVSAPaymentProcessingRolePolicy
- PolicyName: DVSAPaymentProcessingRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -151,7 +151,7 @@ resources:
dvsaCartTotalRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.stage}DVSACartTotalRole
RoleName: DVSACartTotalRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -161,7 +161,7 @@ resources:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ${self:custom.stage}DVSACartTotalRolePolicy
- PolicyName: DVSACartTotalRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
Expand All @@ -171,6 +171,14 @@ resources:
- logs:CreateLogStream
- logs:PutLogEvents
Resource: {'Fn::Join': [':', ['arn:aws:logs', {Ref: 'AWS::Region'}, {Ref: 'AWS::AccountId'}, 'log-group:/aws/lambda/*:*:*']]}
- Effect: Allow
Action:
- events:*
Resource: {'Fn::Join': [':', ['arn:aws:events', {Ref: 'AWS::Region'}, {Ref: 'AWS::AccountId'}, 'rule/*']]}
- Effect: Allow
Action:
- iam:*
Resource: {'Fn::Join': [':', ['arn:aws:events', {Ref: 'AWS::AccountId'}, '*/*']]}
- Effect: Allow
Action:
- dynamodb:*
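
Review bot: The two statements added to DVSACartTotalRolePolicy use service-wide wildcards, and the second one pairs its Action with a Resource from a different service. "iam:*" is attached to an ARN joined as arn:aws:events:<AccountId>:*/*, which names the events service and has no region field, so it cannot match any IAM role ARN and this statement does not authorise the iam.get_role call made in get_cart_total.py. The code in this commit only calls get_role on DVSACartTotalRole and put_rule on one rule, so scope the statements to iam:GetRole on arn:aws:iam::<AccountId>:role/DVSACartTotalRole and events:PutRule on that rule instead of iam:* and events:* on rule/*.
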

0 comments on commit 1982d7b
