From d5d045ff0d3dd409cb79fd68620349263680cafd Mon Sep 17 00:00:00 2001 From: "curly-review[bot]" <203030520+curly-review[bot]@users.noreply.github.com> Date: Thu, 1 May 2025 06:26:45 +0000 Subject: [PATCH] Fix CRLY.01176 --- pipeline/cfn-deploypipeline-s3.yaml | 58 ++--------------------------- 1 file changed, 4 insertions(+), 54 deletions(-) diff --git a/pipeline/cfn-deploypipeline-s3.yaml b/pipeline/cfn-deploypipeline-s3.yaml index 6fbea6a..2c7a6a3 100644 --- a/pipeline/cfn-deploypipeline-s3.yaml +++ b/pipeline/cfn-deploypipeline-s3.yaml @@ -171,7 +171,9 @@ Resources: - 'lambda:ListFunctions' - 'lambda:InvokeAsyc' Effect: Allow - Resource: '*' + Resource: + - arn:aws:s3:::my-bucket + - arn:aws:lambda:*:*:function:my-function Pipeline: Type: AWS::CodePipeline::Pipeline Properties: @@ -263,56 +265,4 @@ Resources: Owner: AWS Provider: Lambda Version: 1 - Configuration: - FunctionName: !Ref LambdaSlackNotify - IamRoleLambdaSlackNotify: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - Action: - - sts:AssumeRole - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - Path: "/" - IamPolicyLambdaSlackNotify1: - Type: AWS::IAM::Policy - Properties: - PolicyName: CodePipelineAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - - Effect: Allow - Action: - - codepipeline:Get* - - codepipeline:PutJob* - Resource: "*" - Roles: - - Ref: IamRoleLambdaSlackNotify - LambdaSlackNotify: - Type: AWS::Serverless::Function - Properties: - Description: Sends CodePipeline events to Slack - Runtime: python2.7 - CodeUri: ./functions/slack-notify - Handler: handler.handler - MemorySize: 128 - Timeout: 30 - Role: !GetAtt IamRoleLambdaSlackNotify.Arn - Environment: - Variables: - SLACK_CHANNEL_NAME: - !Ref SlackChannelName - SLACK_WEBHOOK_URL: - !Ref SlackWebhookUrl - SERVICE_NAME: - !Ref ServiceName - STAGE: - !Ref Stage + \ No newline at end of file