
Commit 1cf1181

committed
add sopport to listObjects
1 parent 3087304 commit 1cf1181


1 file changed

+19
-9
lines changed


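--- a/lib/deploy/stepFunctions/compileIamRole.js
+++ b/lib/deploy/stepFunctions/compileIamRole.js
@@ -586,23 +586,33 @@ function getS3ObjectPermissions(action, state) {
   const bucket = state.Parameters.Bucket || '*';
   const key = state.Parameters.Key || '*';
   const prefix = state.Parameters.Prefix;
-  let arn;
+  let resource;
 
-  if (bucket === '*' && key === '*') {
-    arn = '*';
+  if (action === 's3:AmazonS3ReadOnlyAccess') {
+    action = [
+      's3:Get*',
+      's3:List*',
+      's3:Describe*',
+      's3-object-lambda:Get*',
+      's3-object-lambda:List*'
+    ],
+    resource = [
+      `arn:aws:s3:::${bucket}`,
+      `arn:aws:s3:::${bucket}/*`
+    ],
+  } else if (bucket === '*' && key === '*') {
+    resource = '*';
   } else if (prefix & key) {
-    arn = `arn:aws:s3:::${bucket}/${prefix}/${key}`;
+    resource = `arn:aws:s3:::${bucket}/${prefix}/${key}`;
   } else if (prefix) {
-    arn = `arn:aws:s3:::${bucket}/${prefix}`;
+    resource = `arn:aws:s3:::${bucket}/${prefix}`;
   } else {
-    arn = `arn:aws:s3:::${bucket}/${key}`;
+    resource = `arn:aws:s3:::${bucket}/${key}`;
   }
 
   return [{
     action,
-    resource: [
-      arn,
-    ],
+    resource,
   }];
 }
 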
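Review bot: The new read-only branch does not parse: `action = [ … ],` and `resource = [ … ],` are chained with the comma operator, and the trailing comma before `} else if` leaves that comma expression without a right operand, so requiring this module will throw a SyntaxError; terminate both assignments with a semicolon instead (`],` → `];` on the two closing-bracket lines). Note also that `bucket` falls back to `'*'` a few lines up, so a state that omits `Bucket` makes this branch emit `arn:aws:s3:::*` and `arn:aws:s3:::*/*`, granting `s3:Get*`/`s3:List*`/`s3:Describe*` on every bucket in the account — worth a comment such as `// no Bucket given: read access to all buckets` or a narrower default if that breadth is not intended. The pre-existing `prefix & key` on the following context line is a bitwise AND of two strings and evaluates to 0 for non-numeric values, so the `${prefix}/${key}` branch appears unreachable in practice; `&&` is presumably what was meant. `getS3ObjectPermissions` begins before this hunk.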
