From 0a4a1b012078c4bda9eaeb9db0002a0d5b58f897 Mon Sep 17 00:00:00 2001
From: Chris Park <chris.park@aligent.com.au>
Date: Mon, 4 Dec 2023 10:56:50 +1030
Subject: [PATCH] add Cognito access instead of excessive permission

---
 packages/serverless-deploy-iam/bin/app.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/serverless-deploy-iam/bin/app.ts b/packages/serverless-deploy-iam/bin/app.ts
index 5783e3a..46abc07 100644
--- a/packages/serverless-deploy-iam/bin/app.ts
+++ b/packages/serverless-deploy-iam/bin/app.ts
@@ -175,7 +175,7 @@ export class ServiceDeployIAM extends cdk.Stack {
                     {
                          name: 'IAM',
                          prefix: `arn:aws:iam::${accountId}:role`,
-                         qualifiers: [`*${serviceName}*`],
+                         qualifiers: [`${serviceName}*`, `Cognito-${serviceName}*`],
                          actions: [
                               "iam:CreateRole",
                               "iam:PassRole",