fix: Fixes resource permissions for resource-policy (#1185)

EspenAlbert · web-flow · commit 27e868954bf3 · 2024-10-08T07:27:18.000Z
diff --git a/cfn-resources/resource-policy/mongodb-atlas-resourcepolicy.json b/cfn-resources/resource-policy/mongodb-atlas-resourcepolicy.json
@@ -110,16 +110,24 @@
   "sourceUrl": "https://github.com/mongodb/mongodbatlas-cloudformation-resources/tree/master/cfn-resources/resource-policy",
   "handlers": {
     "create": {
-      "permissions": []
+      "permissions": [
+        "secretsmanager:GetSecretValue"
+      ]
     },
     "read": {
-      "permissions": []
+      "permissions": [
+        "secretsmanager:GetSecretValue"
+      ]
     },
     "update": {
-      "permissions": []
+      "permissions": [
+        "secretsmanager:GetSecretValue"
+      ]
     },
     "delete": {
-      "permissions": []
+      "permissions": [
+        "secretsmanager:GetSecretValue"
+      ]
     }
   },
   "primaryIdentifier": [
diff --git a/cfn-resources/resource-policy/resource-role.yaml b/cfn-resources/resource-policy/resource-role.yaml
@@ -28,9 +28,9 @@ Resources:
           PolicyDocument:
             Version: '2012-10-17'
             Statement:
-              - Effect: Deny
+              - Effect: Allow
                 Action:
-                - "*"
+                - "secretsmanager:GetSecretValue"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:
