From ede78b003801260b5f95f8a10bd2f664c1f17179 Mon Sep 17 00:00:00 2001
From: Adam Refaey
Date: Thu, 24 Apr 2025 19:36:58 +0200
Subject: [PATCH] Refactor IAM policy to allow access to Perplexity API key with wildcard for Secrets Manager
---
 backend/src/iac/backend-stack.ts | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/backend/src/iac/backend-stack.ts b/backend/src/iac/backend-stack.ts
index cdd73ef..a78436b 100644
--- a/backend/src/iac/backend-stack.ts
+++ b/backend/src/iac/backend-stack.ts
@@ -171,18 +171,7 @@ export class BackendStack extends cdk.Stack {
 effect: iam.Effect.ALLOW,
 actions: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'],
 resources: [
- `arn:aws:secretsmanager:${this.region}:${this.account}:secret:medical-reports-explainer/${props.environment}/perplexity-api-key-*`,
- ],
- }),
- );
-
- // Add permission to read Perplexity API key from Secrets Manager
- taskRole.addToPolicy(
- new iam.PolicyStatement({
- effect: iam.Effect.ALLOW,
- actions: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'],
- resources: [
- `arn:aws:secretsmanager:${this.region}:${this.account}:secret:med-ai-perplexity-key`,
+ `arn:aws:secretsmanager:${this.region}:${this.account}:secret:med-ai-perplexity-key-*`,
 ],
 }),
 );
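Review bot: The resource on the added line, `...:secret:med-ai-perplexity-key-*`, grants more than the one secret it is meant for, because the trailing `-*` matches every secret whose name begins with `med-ai-perplexity-key-` and not only the six-character suffix Secrets Manager appends. Pinning the suffix length keeps the grant to that secret: `arn:aws:secretsmanager:${this.region}:${this.account}:secret:med-ai-perplexity-key-??????`. The new ARN also drops the `${props.environment}` path segment the removed line carried, so if several environments deploy into the same account and region (not visible in this hunk) every task role reads the same key. If that sharing is intended, a comment above the statement such as `// Perplexity key is shared across environments; see <ticket placeholder>` would record it, otherwise keep a per-environment secret name. The enclosing `addToPolicy` call begins above the hunk, so the rest of the statement is not reviewed here.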