Skip to content
This repository has been archived by the owner on Dec 6, 2024. It is now read-only.

Commit

Permalink
Resolved cfn-lint findings
Browse files Browse the repository at this point in the history
  • Loading branch information
@vsnyc
vsnyc committed Jun 24, 2021
1 parent 03ab681 commit 7f14cc2
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions templates/workload-yaml.template.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -306,12 +306,15 @@ Resources:
- Effect: Allow
Action:
- cloudwatch:PutMetricData
- cloudwatch:EnableAlarmActions
- cloudwatch:PutMetricAlarm
Resource: '*'
- Effect: Allow
Action:
- s3:*
- cloudwatch:EnableAlarmActions
- cloudwatch:PutMetricAlarm
Resource:
- !Sub arn:${AWS::Partition}:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*
- Effect: Allow
Action: ["s3:PutLifecycleConfiguration", "s3:AbortMultipartUpload", "s3:DeleteObjectTagging", "s3:DeleteAccessPoint", "s3:GetAccessPoint", "s3:GetAccessPointPolicyStatus", "s3:GetAccessPointPolicyStatusForObjectLambda", "s3:PutMetricsConfiguration", "s3:GetAccessPointConfigurationForObjectLambda", "s3:BypassGovernanceRetention", "s3:PutBucketLogging", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:GetObjectVersionTagging", "s3:PutEncryptionConfiguration", "s3:GetBucketTagging", "s3:GetAccelerateConfiguration", "s3:PutIntelligentTieringConfiguration", "s3:GetBucketPolicy", "s3:PutJobTagging", "s3:PutBucketCORS", "s3:GetReplicationConfiguration", "s3:DeleteAccessPointForObjectLambda", "s3:GetStorageLensDashboard", "s3:ListJobs", "s3:GetMetricsConfiguration", "s3:PutAccelerateConfiguration", "s3:PutStorageLensConfigurationTagging", "s3:PutAccessPointConfigurationForObjectLambda", "s3:GetBucketObjectLockConfiguration", "s3:GetInventoryConfiguration", "s3:PutBucketWebsite", "s3:PutAnalyticsConfiguration", "s3:GetIntelligentTieringConfiguration", "s3:GetLifecycleConfiguration", "s3:ListStorageLensConfigurations", "s3:DeleteObjectVersion", "s3:GetBucketPublicAccessBlock", "s3:DeleteJobTagging", "s3:PutObjectVersionTagging", "s3:GetObjectAcl", "s3:PutBucketObjectLockConfiguration", "s3:CreateAccessPointForObjectLambda", "s3:PutBucketPolicy", "s3:GetBucketLogging", "s3:GetObjectVersionForReplication", "s3:GetObject", "s3:GetBucketLocation", "s3:DeleteAccessPointPolicyForObjectLambda", "s3:DeleteStorageLensConfigurationTagging", "s3:GetBucketPolicyStatus", "s3:RestoreObject", "s3:GetBucketOwnershipControls", "s3:PutStorageLensConfiguration", "s3:DeleteBucketWebsite", "s3:PutInventoryConfiguration", "s3:ListAccessPoints", "s3:ListMultipartUploadParts", "s3:GetObjectVersion", "s3:DeleteBucketOwnershipControls", "s3:GetBucketCORS", "s3:PutObject", "s3:PutBucketNotification", "s3:PutObjectTagging", "s3:GetEncryptionConfiguration", "s3:GetStorageLensConfiguration", "s3:GetObjectVersionTorrent", "s3:PutAccessPointPolicyForObjectLambda", "s3:PutObjectRetention", "s3:PutBucketPublicAccessBlock", "s3:PutBucketVersioning", "s3:GetAccountPublicAccessBlock", "s3:GetBucketNotification", "s3:GetBucketVersioning", "s3:DeleteStorageLensConfiguration", "s3:GetObjectVersionAcl", "s3:ReplicateTags", "s3:UpdateJobStatus", "s3:DeleteAccessPointPolicy", "s3:GetBucketAcl", "s3:GetObjectLegalHold", "s3:GetAnalyticsConfiguration", "s3:GetObjectRetention", "s3:DeleteBucketPolicy", "s3:PutObjectVersionAcl", "s3:PutAccountPublicAccessBlock", "s3:PutReplicationConfiguration", "s3:DescribeJob", "s3:GetAccessPointForObjectLambda", "s3:CreateAccessPoint", "s3:PutAccessPointPolicy", "s3:GetObjectTorrent", "s3:ListAccessPointsForObjectLambda", "s3:GetBucketRequestPayment", "s3:CreateJob", "s3:GetBucketWebsite", "s3:PutObjectAcl", "s3:PutBucketAcl", "s3:ListBucketVersions", "s3:GetJobTagging", "s3:PutBucketTagging", "s3:PutBucketRequestPayment", "s3:ReplicateDelete", "s3:DeleteObjectVersionTagging", "s3:UpdateJobPriority", "s3:PutBucketOwnershipControls", "s3:DeleteObject", "s3:DeleteBucket", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutObjectLegalHold", "s3:GetStorageLensConfigurationTagging", "s3:GetAccessPointPolicyForObjectLambda", "s3:GetObjectTagging", "s3:CreateBucket", "s3:ReplicateObject", "s3:GetAccessPointPolicy"]
Resource:
- Fn::Sub: arn:${AWS::Partition}:s3:::${S3Bucket}
- Fn::Sub: arn:${AWS::Partition}:s3:::${S3Bucket}/*
Expand Down

0 comments on commit 7f14cc2

Please sign in to comment.