Merge pull request #46 from A-Hilaly/recommended-policy-arn

jaypipes · web-flow · commit 83a3ffe897d9 · 2022-08-23T13:31:56.000-04:00
Scope the `iam:PassRole` in `recommened-inline-policy` to lambda service
diff --git a/config/iam/recommended-inline-policy b/config/iam/recommended-inline-policy
@@ -6,10 +6,19 @@
             "Action": [
                 "lambda:*",
                 "s3:Get*",
-                "ecr:Get*",
-                "iam:PassRole"
+                "ecr:Get*"
             ],
             "Resource": "*"
+        },
+        {
+            "Action": "iam:PassRole",
+            "Condition": {
+              "StringEquals": {
+                "iam:PassedToService": "lambda.amazonaws.com"
+              }
+            },
+            "Effect": "Allow",
+            "Resource": "*"
         }
     ]
 }
