
Merge branch 'feature/cognito-permissions' of github.com:aligent/cdk-…
…stacks into feature/cognito-permissions
Chris Park committed Dec 4, 2023
2 parents d2e0bef + 7f8933e commit 1ed55ca
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions packages/serverless-deploy-iam/bin/app.ts
Expand Up @@ -175,7 +175,7 @@ export class ServiceDeployIAM extends cdk.Stack {
{
name: 'IAM',
prefix: `arn:aws:iam::${accountId}:role`,
qualifiers: [`${serviceName}*`],
qualifiers: [`*${serviceName}*`],
actions: [
"iam:CreateRole",
"iam:PassRole",
Expand Down Expand Up @@ -297,7 +297,7 @@ export class ServiceDeployIAM extends cdk.Stack {
},
{
name: 'COGNITO',
prefix: `arn:aws:cognito-sync:${region}:${accountId}:identitypool/`,
prefix: `arn:aws:cognito-sync:${region}:${accountId}:identitypool`,
qualifiers: [`${serviceName}*`],
actions: [
"cognito-sync:BulkPublish",
Expand Down Expand Up @@ -346,7 +346,7 @@ export class ServiceDeployIAM extends cdk.Stack {
},
{
name: 'COGNITO_IDP',
prefix: `arn:aws:cognito-idp:${region}:${accountId}:userpool/`,
prefix: `arn:aws:cognito-idp:${region}:${accountId}:userpool`,
qualifiers: [`${serviceName}*`, `${region}_*`],
actions: [
"cognito-idp:Create*",
Expand All @@ -359,6 +359,23 @@ export class ServiceDeployIAM extends cdk.Stack {
"cognito-idp:UntagResource",
"cognito-idp:Update*",
]
},
{
name: 'COGNITO_IDP_CREATEUSERPOOL',
prefix: `arn:aws:cognito-idp:${region}:${accountId}:userpool`,
qualifiers: ["*"],
actions: [
"cognito-idp:CreateUserPool"
]
},
{
name: 'COGNITO_IDP_IDENTITYPOOL',
prefix: `arn:aws:cognito-identity:${region}:${accountId}:identitypool`,
qualifiers: [`${region}:*`],
actions: [
"cognito-identity:CreateIdentityPool",
"cognito-identity:SetIdentityPoolRoles"
]
}
]
}
Expand Down Expand Up @@ -584,6 +601,7 @@ export class ServiceDeployIAM extends cdk.Stack {
static formatResourceQualifier(serviceName: string, prefix: string, qualifiers: string[]): string[] {
let delimiter = "/";
switch (serviceName) {
case "COGNITO":
case "CLOUD_WATCH":
case "LAMBDA":
case "S3":
Expand All @@ -599,7 +617,6 @@ export class ServiceDeployIAM extends cdk.Stack {
case "EVENT_BRIDGE":
delimiter = ":";
break;
// TODO: add cognito
}

return qualifiers.filter(Boolean).map((qualifier) => { return `${prefix}${delimiter}${qualifier}` })
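Review bot: The IAM qualifier `*${serviceName}*` in the first hunk turns the resource for `iam:CreateRole` and `iam:PassRole` from a prefix match into a substring match, so the deploy role may create or pass any role in the account whose name contains the service name anywhere, which for a short service name is close to `role/*`; I am reading the second of the two printed lines as the new side, consistent with the trailing-slash removals in the other hunks, but the page carries no `+`/`-` marker to confirm it. If the leading wildcard is needed because generated role names carry a stack or stage prefix before the service name, record that at the site, e.g. `// leading wildcard: generated role names put the stack prefix before the service name`, and consider narrowing to that exact form rather than any substring so a later reviewer does not tighten or loosen it blind. The new `COGNITO_IDP_CREATEUSERPOOL` and `COGNITO_IDP_IDENTITYPOOL` entries rely on `formatResourceQualifier` joining prefix and qualifier with `/` (the `userpool/<id>` and `identitypool/<region>:<id>` ARN forms), but the switch cases between the two trailing hunks are collapsed, so I cannot see whether either name is listed there or falls through to the `/` default; a one-line comment on each new entry naming the delimiter it expects would make that visible. Both the enclosing array literal and `formatResourceQualifier` continue outside the hunks.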
