Include a more specific policy for the lambdas
Chris Gilmer committed Oct 28, 2019
1 parent 25d4a4e commit 586e6d8
Showing 1 changed file with 33 additions and 9 deletions.
42 changes: 33 additions & 9 deletions README.md
Expand Up @@ -87,6 +87,7 @@ following policy document
"Version":"2012-10-17",
"Statement":[
{
"Sid":"WriteCloudWatchLogs",
"Effect":"Allow",
"Action":[
"logs:CreateLogGroup",
Expand All @@ -96,18 +97,26 @@ following policy document
"Resource":"*"
},
{
"Sid":"s3GetAndPutWithTagging",
"Action":[
"s3:GetObject",
"s3:GetObjectTagging",
"s3:PutObject",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:ListBucket"
"s3:PutObjectVersionTagging"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::<bucket-name>",
"arn:aws:s3:::<bucket-name>/*"
"arn:aws:s3:::<av-definition-s3-bucket>/*"
]
},
{
"Sid": "s3HeadObject",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": [
"arn:aws:s3:::<av-definition-s3-bucket>/*",
"arn:aws:s3:::<av-definition-s3-bucket>"
]
}
]
Expand Down Expand Up @@ -144,6 +153,7 @@ following policy document
"Version":"2012-10-17",
"Statement":[
{
"Sid":"WriteCloudWatchLogs",
"Effect":"Allow",
"Action":[
"logs:CreateLogGroup",
Expand All @@ -153,11 +163,13 @@ following policy document
"Resource":"*"
},
{
"Sid":"s3AntiVirusScan",
"Action":[
"s3:GetObject",
"s3:GetObjectTagging",
"s3:GetObjectVersion",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:PutObjectVersionTagging"
],
"Effect":"Allow",
"Resource": [
Expand All @@ -166,18 +178,20 @@ following policy document
]
},
{
"Sid":"s3AntiVirusDefinitions",
"Action":[
"s3:GetObject",
"s3:GetObjectTagging",
"s3:GetObjectTagging"
],
"Effect":"Allow",
"Resource": [
"arn:aws:s3:::<av-definition-s3-bucket>/*"
]
},
{
"Sid":"kmsDecrypt",
"Action":[
"kms:Decrypt",
"kms:Decrypt"
],
"Effect":"Allow",
"Resource": [
Expand All @@ -186,14 +200,24 @@ following policy document
]
},
{
"Action":[
"sns:Publish",
"Sid":"snsPublish",
"Action": [
"sns:Publish"
],
"Effect":"Allow",
"Resource": [
"arn:aws:sns:::<av-scan-start>",
"arn:aws:sns:::<av-status>"
]
},
{
"Sid":"s3HeadObject",
"Effect":"Allow",
"Action":"s3:ListBucket",
"Resource":[
"arn:aws:s3:::<av-definition-s3-bucket>/*",
"arn:aws:s3:::<av-definition-s3-bucket>"
]
}
]
}
