From a0f66d97a6452058bb158a97a460f4fbf63625b1 Mon Sep 17 00:00:00 2001
From: Daniel Van Der Ploeg <daniel.vanderploeg@aligent.com.au>
Date: Thu, 23 May 2024 14:04:01 +0930
Subject: [PATCH] feat: compress api gateway permissions

---
 packages/serverless-deploy-iam/bin/app.ts | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/packages/serverless-deploy-iam/bin/app.ts b/packages/serverless-deploy-iam/bin/app.ts
index c53f099..020cf64 100755
--- a/packages/serverless-deploy-iam/bin/app.ts
+++ b/packages/serverless-deploy-iam/bin/app.ts
@@ -503,20 +503,7 @@ export class ServiceDeployIAM extends cdk.Stack {
         // Generated api key names are random so this cannot be limited to the service at this time
         {
           name: "API_GATEWAY",
-          resources: [`arn:aws:apigateway:${region}::/apikeys/*`],
-          actions: ["apigateway:GET", "apigateway:PATCH"],
-        },
-        {
-          name: "API_GATEWAY_RESTAPIS",
-          prefix: `arn:aws:apigateway:${region}::/restapis`,
-          qualifiers: [`/*/deployments`],
-          actions: ["apigateway:GET"],
-        },
-        // The serverless-api-gateway-throttling requires PATCH access using the deploy user to update maxRequestsPerSecond and maxConcurrentRequests
-        {
-          name: "API_GATEWAY",
-          prefix: `arn:aws:apigateway:${region}::/restapis/*/stages`,
-          qualifiers: [`*`],
+          resources: [`arn:aws:apigateway:${region}::*`],
           actions: ["apigateway:GET", "apigateway:PATCH", "apigateway:POST"],
         },
         {