Sage-Bionetworks-IT · xschildw · Dec 5, 2024 · Oct 11, 2024 · Nov 7, 2024 · Nov 7, 2024
@@ -836,12 +836,18 @@ GithubOidcNbConvertDeploy:
     ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
     ProviderRoleName: !Sub ${resourcePrefix}-${appName}-nbconvert-deploy
     MaxSessionDuration: 7200
-    ManagedPolicyArns:
-      - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess"
-      - "arn:aws:iam::aws:policy/AWSLambda_FullAccess"
-      - "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
-      - "arn:aws:iam::aws:policy/IAMFullAccess"
-      - "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess"
+    PolicyDocument: !Sub |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+              {
+                  "Sid": "AssumeRoleStatement",
+                  "Effect": "Allow",
+                  "Action": "sts:AssumeRole",
+                  "Resource": "arn:aws:iam::${AWS::AccountId}:role/cdk-*-role-*-us-east-1"
+              }
+          ]
+      }
   TemplatingContext:
     GitHubOrg: "Sage-Bionetworks"
     Repositories: