fix: Don't add policies to pre-created roles in the stack

clareliguori · clareliguori · commit c40d03a996e2 · 2025-10-16T20:40:34.000-07:00
diff --git a/e2e_tests/setup/integ-test-authentication.yaml b/e2e_tests/setup/integ-test-authentication.yaml
@@ -142,6 +142,7 @@ Resources:
               - "secretsmanager:*"
             Resource:
               - !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:bedrock-agentcore-identity*"
+              - !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:Zen*"
           - Effect: Allow
             Action:
               - "s3:GetObject"
diff --git a/examples/servers/dog-facts/lib/dog-facts-mcp-server.ts b/examples/servers/dog-facts/lib/dog-facts-mcp-server.ts
@@ -94,9 +94,6 @@ export class DogFactsMcpServer extends cdk.Stack {
       },
     });
 
-    // Grant the Lambda function permission to read the secret
-    apiKeySecret.grantRead(lambdaFunction);
-
     // Create API Gateway for OAuth-based access
     this.createApiGateway(lambdaFunction, stackNameSuffix);
   }

Original file line number	Diff line number	Diff line change
`@@ -94,9 +94,6 @@ export class DogFactsMcpServer extends cdk.Stack {`
`94`	`94`	`},`
`95`	`95`	`});`
`96`	`96`
`97`		`- // Grant the Lambda function permission to read the secret`
`98`		`- apiKeySecret.grantRead(lambdaFunction);`
`99`		`-`
`100`	`97`	`// Create API Gateway for OAuth-based access`
`101`	`98`	`this.createApiGateway(lambdaFunction, stackNameSuffix);`
`102`	`99`	`}`