This repository has been archived by the owner on Dec 6, 2024. It is now read-only.

Permissions issue #40

Open
hissing-sid opened this issue Jan 23, 2022 · 0 comments

hissing-sid commented Jan 23, 2022

Great stack, thanks for making it available!

One issue I found was that there were additional permissions required for the delete stack role.

          # The following were missing from the example
          -
            Sid: IAMPermissions
            Effect: "Allow"
            Action:
              - iam:DeleteRolePolicy
              - iam:DeleteRole
            Resource:
              - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-DeleteCFNLambda"
              - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-DeleteCFNLambdaExecutionRole"
              - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-GenerateCronExpLambdaRole"
          -
            Sid: LamdaPermissions
            Effect: "Allow"
            Action:
              - lambda:DeleteFunction
              - lambda:InvokeFunction
              - lambda:RemovePermission
            Resource:
              - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-GenerateCronExpLambda"
              - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-DeleteCFNLambda"
          -
            Sid: EventsPermissions
            Effect: "Allow"
            Action:
              - events:RemoveTargets
              - events:DeleteRule
            Resource:
              - !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/${StackName}-DeleteStackEventRule"