diff --git a/pipeline/cfn-deploypipeline-s3.yaml b/pipeline/cfn-deploypipeline-s3.yaml
index 6fbea6a..2c7a6a3 100644
--- a/pipeline/cfn-deploypipeline-s3.yaml
+++ b/pipeline/cfn-deploypipeline-s3.yaml
@@ -171,7 +171,9 @@ Resources:
 - 'lambda:ListFunctions'
 - 'lambda:InvokeAsyc'
 Effect: Allow
- Resource: '*'
+ Resource:
+ - arn:aws:s3:::my-bucket
+ - arn:aws:lambda:*:*:function:my-function
 Pipeline:
 Type: AWS::CodePipeline::Pipeline
 Properties:
@@ -263,56 +265,4 @@ Resources:
 Owner: AWS
 Provider: Lambda
 Version: 1
- Configuration:
- FunctionName: !Ref LambdaSlackNotify
- IamRoleLambdaSlackNotify:
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- Version: '2012-10-17'
- Statement:
- -
- Effect: Allow
- Principal:
- Service:
- - lambda.amazonaws.com
- Action:
- - sts:AssumeRole
- ManagedPolicyArns:
- - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- Path: "/"
- IamPolicyLambdaSlackNotify1:
- Type: AWS::IAM::Policy
- Properties:
- PolicyName: CodePipelineAccess
- PolicyDocument:
- Version: '2012-10-17'
- Statement:
- -
- Effect: Allow
- Action:
- - codepipeline:Get*
- - codepipeline:PutJob*
- Resource: "*"
- Roles:
- - Ref: IamRoleLambdaSlackNotify
- LambdaSlackNotify:
- Type: AWS::Serverless::Function
- Properties:
- Description: Sends CodePipeline events to Slack
- Runtime: python2.7
- CodeUri: ./functions/slack-notify
- Handler: handler.handler
- MemorySize: 128
- Timeout: 30
- Role: !GetAtt IamRoleLambdaSlackNotify.Arn
- Environment:
- Variables:
- SLACK_CHANNEL_NAME:
- !Ref SlackChannelName
- SLACK_WEBHOOK_URL:
- !Ref SlackWebhookUrl
- SERVICE_NAME:
- !Ref ServiceName
- STAGE:
- !Ref Stage
+
\ No newline at end of file
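Review bot: `lambda:ListFunctions` does not support resource-level permissions, so once `Resource` in the first hunk is narrowed to these two ARNs that action is no longer granted; it needs its own statement with `Resource: '*'`. The visible actions are all Lambda actions, so `arn:aws:s3:::my-bucket` only takes effect if S3 actions are listed above the hunk (the statement starts outside it), and object-level actions would additionally need `arn:aws:s3:::my-bucket/*`. `my-bucket` and `my-function` read like placeholders and the function ARN still wildcards region and account; consider `!Sub 'arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:<FUNCTION_NAME_PLACEHOLDER>'`. The context line `'lambda:InvokeAsyc'` looks like a typo for `lambda:InvokeAsync` and as written presumably matches no action.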
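Review bot: The `Provider: Lambda` action kept as context at the top of the second hunk loses its `Configuration` block, so it no longer names a function to invoke; the CodePipeline Lambda invoke action requires `FunctionName`, so the stack update or the stage itself is likely to fail. Either remove the whole action (it starts outside the hunk) or keep `Configuration:` with `FunctionName: <FUNCTION_NAME_PLACEHOLDER>` pointing at a function that still exists. The `SlackChannelName` and `SlackWebhookUrl` parameters used only by the deleted function are presumably still declared earlier in the template; if so, drop them as well so a webhook URL is not carried around as an unused stack parameter. The added last line is whitespace-only with no trailing newline, which is worth replacing with a single final newline.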