From eda060ea34e46dc7ba7fcb0d4a92c115a761b5e8 Mon Sep 17 00:00:00 2001
From: Simon Kok
Date: Fri, 9 Dec 2022 11:47:56 +0100
Subject: [PATCH] Fix AttachRolePolicy on automation roles
**Why?** At the moment, the IAM policy was allowing `iam:CreateRolePolicy`. This action does not exist.
**What?** Changing it to: `iam:AttachRolePolicy` and changing order to be alphabetically.
---
 .../bootstrap_repository/adf-bootstrap/deployment/global.yml | 2 +-
 .../bootstrap_repository/adf-bootstrap/global.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml
index 1eac45ead..384c84a14 100644
--- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml
+++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml
@@ -497,8 +497,8 @@ Resources:
 - !Sub arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:project/adf-*
 - Effect: Allow
 Action:
+ - "iam:AttachRolePolicy"
 - "iam:CreateRole"
- - "iam:CreateRolePolicy"
 - "iam:DeleteRole"
 - "iam:DeleteRolePolicy"
 - "iam:GetRole"
diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/global.yml b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/global.yml
index 35a48cb75..cc5fb1ec0 100644
--- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/global.yml
+++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/global.yml
@@ -307,8 +307,8 @@ Resources:
 - Effect: Allow
 Sid: "IAM"
 Action:
+ - "iam:AttachRolePolicy"
 - "iam:CreateRole"
- - "iam:CreateRolePolicy"
 - "iam:DeleteRole"
 - "iam:DeleteRolePolicy"
 - "iam:GetRole"
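Review bot: `iam:AttachRolePolicy` joins the existing Allow statement in deployment/global.yml with no visible limit on which managed policy may be attached, so, depending on the statement's `Resource` (which lies outside the hunk), the automation role may be able to attach an administrative policy to any role it can reach. The same applies to the `Sid: "IAM"` statement in adf-bootstrap/global.yml. I would move the action into its own statement constrained by the `iam:PolicyARN` condition key (or require a permissions boundary through `iam:PermissionsBoundary`), as sketched below with placeholders for the values the hunk does not show. Also confirm that the rest of the action list, which continues past the hunk, includes `iam:DetachRolePolicy`; without it, stack updates and rollbacks that remove an attachment would be denied.

```yaml
# … unchanged: existing IAM statement, without "iam:AttachRolePolicy" …
- Effect: Allow
  Action:
    - "iam:AttachRolePolicy"
  Resource:
    # placeholder: reuse the role ARNs from the existing statement's Resource (not visible in this hunk)
    - "<ROLE_ARN_PATTERN_PLACEHOLDER>"
  Condition:
    ArnLike:
      "iam:PolicyARN":
        # placeholder: the managed policies that deployments are expected to attach
        - "<ALLOWED_MANAGED_POLICY_ARN_PLACEHOLDER>"
```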