
Fix AWS::Serverless::{Function,StateMachine}.IAMPolicyDocument schemas

Open tmclaugh opened this issue 3 years ago • 3 comments

A Statement can have an object or an array of objects.

Got tired of VS Code telling me my Policy statements were malformed when in fact they were not. Tested a policy statement string and that did not work. Though I might have just forgotten some needed keys. Can't say for certain.

tmclaugh avatar Feb 21 '22 23:02 tmclaugh

Hi @tmclaugh, can you please send me a concrete example of a statement that should work, but that isn't correctly validated by the schema?

rubenfonseca avatar Feb 22 '22 20:02 rubenfonseca

Here is one:

      Policies:
        - Statement:
          - Effect: Allow
            Action:
              - "dynamodb:PutItem"
              - "dynamodb:GetItem"
              - "dynamodb:UpdateItem"
              - "dynamodb:UpdateItem"
            Resource:
              - !GetAtt DynamoDBTable.Arn
          - Effect: Allow
            Action:
              - logs:CreateLogDelivery
              - logs:GetLogDelivery
              - logs:UpdateLogDelivery
              - logs:DeleteLogDelivery
              - logs:ListLogDeliveries
              - logs:PutResourcePolicy
              - logs:DescribeResourcePolicies
              - logs:DescribeLogGroups
            Resource: '*'
          - Effect: Allow
            Action:
              - logs:CreateLogStream
              - logs:DescribeLogStream
              - logs:DescribeLogGroups
              - logs:PutLogEvents
            Resource:
              - !GetAtt DdbOpsLogGroup.Arn

tmclaugh avatar Feb 22 '22 22:02 tmclaugh
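The opening post's point that `Statement` may be a single object or an array of objects, as an added Go example that is not goformation's own code: a decoder that accepts both forms and normalises them to a list, so a policy audit sees every statement. The names `Statement`, `StatementList` and `ParsePolicy` are hypothetical, and the input is assumed to be the template already converted to JSON.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Statement is a hypothetical, trimmed model; Action/Resource stay raw (string, list or intrinsic).
type Statement struct {
	Effect   string          `json:"Effect"`
	Action   json.RawMessage `json:"Action"`
	Resource json.RawMessage `json:"Resource"`
}

// StatementList accepts a single statement object or an array of them.
type StatementList []Statement

func (l *StatementList) UnmarshalJSON(data []byte) error {
	data = bytes.TrimSpace(data)
	if len(data) > 0 && data[0] == '{' { // single object: wrap it in a list
		var s Statement
		if err := json.Unmarshal(data, &s); err != nil {
			return err
		}
		*l = StatementList{s}
		return nil
	}
	if len(data) > 0 && data[0] == '[' { // array of objects
		var many []Statement
		err := json.Unmarshal(data, &many)
		*l = many
		return err
	}
	return fmt.Errorf("statement: want object or array of objects, got %s", data)
}

// ParsePolicy decodes a policy document and returns its normalised statements.
func ParsePolicy(doc string) ([]Statement, error) {
	var p struct {
		Statement StatementList `json:"Statement"`
	}
	err := json.Unmarshal([]byte(doc), &p)
	return p.Statement, err
}

func main() {
	// Constructed sample input: the single-object form of Statement.
	fmt.Println(ParsePolicy(`{"Statement": {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"}}`))
}
```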

Unfortunately, this is not easy to fix (see my PR where tests are failing). I will need some extra time to think about how to integrate this PR.

rubenfonseca avatar Sep 02 '22 11:09 rubenfonseca