Replace deprecated AWS managed policy for codedeploy (#116)
After March 1, 2021, the AWS managed policies AWSLambdaReadOnlyAccess and AWSLambdaFullAccess will be deprecated and can no longer be attached to new IAM users.

AWS Lambda has introduced a new AWS managed policy.

The AWSLambda_FullAccess policy grants full access to Lambda, Lambda console features, and other related AWS services. This policy was created by scoping down the previous policy AWSLambdaFullAccess.

fixes #115
valentinpalkovic committed Mar 31, 2021
1 parent 3ee442a commit 3c29abc
Showing 13 changed files with 16 additions and 16 deletions.
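--- a/fixtures/1.output.json
+++ b/fixtures/1.output.json
@@ -515,7 +515,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",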
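--- a/fixtures/10.output.v2-websocket.json
+++ b/fixtures/10.output.v2-websocket.json
@@ -829,7 +829,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",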
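--- a/fixtures/11.output.v2-websocket-authorizer.json
+++ b/fixtures/11.output.v2-websocket-authorizer.json
@@ -926,7 +926,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",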
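--- a/fixtures/12.output-with-permissions-boundary.json
+++ b/fixtures/12.output-with-permissions-boundary.json
@@ -504,7 +504,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",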
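--- a/fixtures/13.output.multiple-function-hooks.json
+++ b/fixtures/13.output.multiple-function-hooks.json
@@ -290,7 +290,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",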
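--- a/fixtures/2.output.without-hooks.json
+++ b/fixtures/2.output.without-hooks.json
@@ -371,7 +371,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",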
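--- a/fixtures/5.output.with-trigger.json
+++ b/fixtures/5.output.with-trigger.json
@@ -515,7 +515,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess",
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess",
 "arn:aws:iam::aws:policy/AmazonSNSFullAccess"
 ],
 "AssumeRolePolicyDocument": {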
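--- a/fixtures/6.output.cloudwatch-events-trigger.json
+++ b/fixtures/6.output.cloudwatch-events-trigger.json
@@ -314,7 +314,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",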
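--- a/fixtures/7.output.cloudwatch-logs-trigger.json
+++ b/fixtures/7.output.cloudwatch-logs-trigger.json
@@ -307,7 +307,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",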
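--- a/fixtures/8.output.sns-subscriptions-trigger.json
+++ b/fixtures/8.output.sns-subscriptions-trigger.json
@@ -244,7 +244,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 ],
 "AssumeRolePolicyDocument": {
 "Version": "2012-10-17",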
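--- a/fixtures/9.output.iot-topic-rule.json
+++ b/fixtures/9.output.iot-topic-rule.json
@@ -718,7 +718,7 @@
 "Properties": {
 "ManagedPolicyArns": [
 "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
-"arn:aws:iam::aws:policy/AWSLambdaFullAccess",
+"arn:aws:iam::aws:policy/AWSLambda_FullAccess",
 "arn:aws:iam::aws:policy/AmazonSNSFullAccess"
 ],
 "AssumeRolePolicyDocument": {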
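--- a/lib/CfTemplateGenerators/Iam.js
+++ b/lib/CfTemplateGenerators/Iam.js
@@ -3,7 +3,7 @@ const _ = require('lodash/fp')
 function buildCodeDeployRole (codeDeployRolePermissionsBoundaryArn, areTriggerConfigurationsSet) {
 const attachedPolicies = [
 'arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited',
-'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
+'arn:aws:iam::aws:policy/AWSLambda_FullAccess'
 ]
 if (areTriggerConfigurationsSet) {
 attachedPolicies.push('arn:aws:iam::aws:policy/AmazonSNSFullAccess')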
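Review bot: The `attachedPolicies` list in `buildCodeDeployRole` still gives the CodeDeploy service role service-wide access: by the commit's own description `AWSLambda_FullAccess` grants full access to Lambda and related services, and the trigger branch adds `AmazonSNSFullAccess` on top of `AWSCodeDeployRoleForLambdaLimited`. If the role only needs to run the deployment hook functions and publish to the configured trigger topic (not confirmable from this hunk), an inline policy limited to `lambda:InvokeFunction` on those functions and `sns:Publish` on that topic would keep it least-privilege. Until that is done, the list should carry a comment such as `// TODO: scope down; AWSLambda_FullAccess allows all Lambda actions, this role likely only needs to invoke the deployment hooks`. The permissions boundary argument can cap the role but is optional, so the default template remains broad; the function body continues outside the hunk.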
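--- a/lib/CfTemplateGenerators/Iam.test.js
+++ b/lib/CfTemplateGenerators/Iam.test.js
@@ -10,7 +10,7 @@ describe('Iam', () => {
 Properties: {
 ManagedPolicyArns: [
 'arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited',
-'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
+'arn:aws:iam::aws:policy/AWSLambda_FullAccess'
 ],
 AssumeRolePolicyDocument: {
 Version: '2012-10-17',
@@ -35,7 +35,7 @@ describe('Iam', () => {
 Properties: {
 ManagedPolicyArns: [
 'arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited',
-'arn:aws:iam::aws:policy/AWSLambdaFullAccess',
+'arn:aws:iam::aws:policy/AWSLambda_FullAccess',
 'arn:aws:iam::aws:policy/AmazonSNSFullAccess'
 ],
 AssumeRolePolicyDocument: {
@@ -62,7 +62,7 @@ describe('Iam', () => {
 Properties: {
 ManagedPolicyArns: [
 'arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited',
-'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
+'arn:aws:iam::aws:policy/AWSLambda_FullAccess'
 ],
 AssumeRolePolicyDocument: {
 Version: '2012-10-17',
@@ -201,7 +201,7 @@ describe('Iam', () => {
 Properties: {
 ManagedPolicyArns: [
 'arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited',
-'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
+'arn:aws:iam::aws:policy/AWSLambda_FullAccess'
 ],
 AssumeRolePolicyDocument: {
 Version: '2012-10-17',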
