fixing sns:Publish permission from spokes (#49)

* fixing sns:Publish permission from spokes to servicecatalog-puppet-cloudformation-regional-events * fixing policy to allow spokes to push
awslabs · May 15, 2019 · 31e0f27 · 31e0f27
1 parent 9e33bc2
commit 31e0f27
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 6 deletions.
diff --git a/servicecatalog_puppet/servicecatalog-puppet-regional.template.yaml b/servicecatalog_puppet/servicecatalog-puppet-regional.template.yaml
@@ -45,10 +45,9 @@ Resources:
         - Endpoint: !Sub "arn:aws:sqs:${DefaultRegionValue}:${AWS::AccountId}:servicecatalog-puppet-cloudformation-events"
           Protocol: "sqs"
 
-
-
 Outputs:
   Version:
     Value: !GetAtt Param.Value
+
   RegionalProductTopic:
-    Value: !Ref RegionalProductTopic
+    Value: !Ref RegionalProductTopic
diff --git a/servicecatalog_puppet/servicecatalog-puppet-spoke.template.yaml b/servicecatalog_puppet/servicecatalog-puppet-spoke.template.yaml
@@ -55,7 +55,7 @@ Resources:
                 Resource: !Sub "arn:aws:catalog:*:${AWS::AccountId}:product/*"
               - Effect: "Allow"
                 Action: sns:Publish
-                Resource: !Sub "arn:aws:sns:*:${PuppetAccountId}:servicecatalog-puppet-cloudformation-events"
+                Resource: !Sub "arn:aws:sns:*:${PuppetAccountId}:servicecatalog-puppet-cloudformation-regional-events"
 
       AssumeRolePolicyDocument:
         Version: "2012-10-17"

diff --git a/servicecatalog_puppet/templates/shares.template.yaml.j2 b/servicecatalog_puppet/templates/shares.template.yaml.j2
@@ -101,10 +101,9 @@ Resources:
   {% if sharing_policies.get('accounts')|length > 0 or sharing_policies.get('organizations')|length > 0 %}
   TopicPolicies:
     Type: AWS::SNS::TopicPolicy
-    Condition: RunningInHomeRegion
     Properties:
       Topics:
-        - !Sub "arn:aws:sns:{{ HOME_REGION }}:${AWS::AccountId}:servicecatalog-puppet-cloudformation-events"
+        - !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:servicecatalog-puppet-cloudformation-regional-events"
       PolicyDocument:
         Id: MyTopicPolicy
         Version: '2012-10-17'