This repository was archived by the owner on Dec 6, 2024. It is now read-only.
Permissions issue #40
Open
Description
Great stack, thanks for making it available!
One issue I found was that there were additional permissions required for the delete stack role.
```yaml
# The following were missing from the example
-
  Sid: IAMPermissions
  Effect: "Allow"
  Action:
    - iam:DeleteRolePolicy
    - iam:DeleteRole
  Resource:
    - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-DeleteCFNLambda"
    - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-DeleteCFNLambdaExecutionRole"
    - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-GenerateCronExpLambdaRole"
-
  Sid: LamdaPermissions
  Effect: "Allow"
  Action:
    - lambda:DeleteFunction
    - lambda:InvokeFunction
    - lambda:RemovePermission
  Resource:
    - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-GenerateCronExpLambda"
    - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-DeleteCFNLambda"
-
  Sid: EventsPermissions
  Effect: "Allow"
  Action:
    - events:RemoveTargets
    - events:DeleteRule
  Resource:
    - !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/${StackName}-DeleteStackEventRule"
```