Merge branch 'main' into feature/cognito-permissions

aligent · Dec 4, 2023 · d2e0bef · d2e0bef
2 parents dc5027b + 9c5ec75
commit d2e0bef
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/packages/serverless-deploy-iam/bin/app.ts b/packages/serverless-deploy-iam/bin/app.ts
@@ -482,12 +482,20 @@ export class ServiceDeployIAM extends cdk.Stack {
                               "apigateway:PATCH",
                          ]
                     },
+                    {
+                      name: 'API_GATEWAY_RESTAPIS',
+                      prefix: `arn:aws:apigateway:${region}::/restapis`,
+                      qualifiers: [`/*/deployments`],
+                      actions: ['apigateway:GET']
+                    },
                     // The serverless-api-gateway-throttling requires PATCH access using the deploy user to update maxRequestsPerSecond and maxConcurrentRequests
                     {
                          name: 'API_GATEWAY',
-                         resources: [`arn:aws:apigateway:${region}::/restapis/*/stages/*`],
+                         prefix: `arn:aws:apigateway:${region}::/restapis/*/stages`,
+                         qualifiers: [`*`],
                          actions: [
-                              "apigateway:PATCH"
+                              "apigateway:PATCH",
+                              "apigateway:POST"
                          ]
                     }
                ]
@@ -584,6 +592,10 @@ export class ServiceDeployIAM extends cdk.Stack {
                case "STEP_FUNCTION":
                     delimiter = "";
                     break;
+               case "API_GATEWAY":
+               case "API_GATEWAY_RESTAPIS":
+                    delimiter = "";
+                    break;
                case "EVENT_BRIDGE":
                     delimiter = ":";
                     break;