Skip to content

Commit 9cbaed4

Browse files
gudivtgudivt
committed
Updating ARN to meet GovCloud standards
1 parent 9769527 commit 9cbaed4

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

patterns/pattern-2/template.yaml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1308,7 +1308,7 @@ Resources:
13081308
Action:
13091309
- ssm:GetParameter
13101310
Resource:
1311-
- !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${StackName}/FlowDefinitionArn"
1311+
- !Sub "arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${StackName}/FlowDefinitionArn"
13121312
# SageMaker A2I permissions for starting human loops
13131313
- Effect: Allow
13141314
Action:
@@ -1319,7 +1319,7 @@ Resources:
13191319
- Effect: Allow
13201320
Action:
13211321
- sagemaker:StartHumanLoop
1322-
Resource: "arn:aws:sagemaker:*:*:flow-definition/*"
1322+
Resource: !Sub "arn:${AWS::Partition}:sagemaker:*:*:flow-definition/*"
13231323

13241324
ProcessResultsFunctionLogGroup:
13251325
Type: AWS::Logs::LogGroup
@@ -1489,7 +1489,7 @@ Resources:
14891489
Service: lambda.amazonaws.com
14901490
Action: sts:AssumeRole
14911491
ManagedPolicyArns:
1492-
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
1492+
- !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
14931493
Policies:
14941494
- PolicyName: S3AccessPolicy
14951495
PolicyDocument:
@@ -1500,14 +1500,14 @@ Resources:
15001500
- s3:GetObject
15011501
- s3:PutObject
15021502
Resource:
1503-
- !Sub "arn:aws:s3:::${OutputBucket}/*"
1504-
- !Sub "arn:aws:s3:::sagemaker-*/*"
1503+
- !Sub "arn:${AWS::Partition}:s3:::${OutputBucket}/*"
1504+
- !Sub "arn:${AWS::Partition}:s3:::sagemaker-*/*"
15051505
- Effect: Allow
15061506
Action:
15071507
- s3:ListBucket
15081508
Resource:
1509-
- !Sub "arn:aws:s3:::${OutputBucket}"
1510-
- !Sub "arn:aws:s3:::sagemaker-*"
1509+
- !Sub "arn:${AWS::Partition}:s3:::${OutputBucket}"
1510+
- !Sub "arn:${AWS::Partition}:s3:::sagemaker-*"
15111511
- PolicyName: KMSAccessPolicy
15121512
PolicyDocument:
15131513
Version: '2012-10-17'
@@ -1529,7 +1529,7 @@ Resources:
15291529
- dynamodb:DeleteItem
15301530
- dynamodb:Query
15311531
- dynamodb:Scan
1532-
Resource: !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TrackingTable}"
1532+
Resource: !Sub "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TrackingTable}"
15331533
- PolicyName: StepFunctionsPolicy
15341534
PolicyDocument:
15351535
Version: '2012-10-17'

0 commit comments

Comments
 (0)