Skip to content
This repository has been archived by the owner on Sep 18, 2023. It is now read-only.

Commit

Permalink
fix: add missing tag permissions (#62)
Browse files Browse the repository at this point in the history
  • Loading branch information
@michaelwittig
michaelwittig committed Jun 6, 2023
1 parent 63b1523 commit 3e16407
Showing 1 changed file with 21 additions and 3 deletions.
24 changes: 21 additions & 3 deletions marbot-aws-account-connection.yml
View file
Expand Up @@ -121,7 +121,7 @@ Resources:
{
"Type": "monitoring-jump-start-connection",
"StackTemplate": "marbot-aws-account-connection",
"StackVersion": "1.3.0",
"StackVersion": "1.3.1",
"Partition": "${AWS::Partition}",
"AccountId": "${AWS::AccountId}",
"Region": "${AWS::Region}",
Expand Down Expand Up @@ -212,6 +212,8 @@ Resources:
- 'cloudwatch:DescribeAlarms'
- 'cloudwatch:ListTagsForResource'
- 'cloudwatch:PutMetricAlarm'
- 'cloudwatch:TagResource'
- 'cloudwatch:UntagResource'
Resource: !Sub 'arn:${AWS::Partition}:cloudwatch:*:${AWS::AccountId}:alarm:marbot*'
- Effect: Allow
Action:
Expand All @@ -222,6 +224,8 @@ Resources:
- 'events:PutRule'
- 'events:PutTargets'
- 'events:RemoveTargets'
- 'events:TagResource'
- 'events:UntagResource'
Resource: !Sub 'arn:${AWS::Partition}:events:*:${AWS::AccountId}:rule/marbot*'
- Effect: Allow
Action:
Expand All @@ -231,6 +235,8 @@ Resources:
- 'sns:ListTagsForResource'
- 'sns:SetTopicAttributes'
- 'sns:Subscribe'
- 'sns:TagResource'
- 'sns:UntagResource'
Resource: !Sub 'arn:${AWS::Partition}:sns:*:${AWS::AccountId}:marbot*'
- Effect: Allow
Action:
Expand All @@ -241,6 +247,8 @@ Resources:
- 'rds:DescribeEventSubscriptions'
- 'rds:ListTagsForResource'
- 'rds:ModifyEventSubscription'
- 'rds:AddTagsToResource'
- 'rds:RemoveTagsFromResource'
Resource: !Sub 'arn:${AWS::Partition}:rds:*:${AWS::AccountId}:es:marbot*'
- Effect: Allow
Action:
Expand All @@ -249,6 +257,10 @@ Resources:
- 'logs:DeleteRetentionPolicy'
- 'logs:ListTagsLogGroup'
- 'logs:PutRetentionPolicy'
- 'logs:TagLogGroup'
- 'logs:TagResource'
- 'logs:UntagLogGroup'
- 'logs:UntagResource'
Resource: !Sub 'arn:${AWS::Partition}:logs:*:${AWS::AccountId}:log-group:/aws/lambda/marbot*'
- Effect: Allow
Action:
Expand All @@ -262,6 +274,9 @@ Resources:
- 'lambda:GetPolicy'
- 'lambda:ListVersionsByFunction'
- 'lambda:RemovePermission'
- 'lambda:ListTags'
- 'lambda:TagResource'
- 'lambda:UntagResource'
Resource: !Sub 'arn:${AWS::Partition}:lambda:*:${AWS::AccountId}:function:marbot*'
- Effect: Allow
Action:
Expand All @@ -288,6 +303,9 @@ Resources:
- 'iam:ListInstanceProfilesForRole'
- 'iam:ListRolePolicies'
- 'iam:UpdateRoleDescription'
- 'iam:ListRoleTags'
- 'iam:TagRole'
- 'iam:UntagRole'
Resource: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/marbot*'
PolicyName: MonitoringAssistantPolicy
- !Ref 'AWS::NoValue'
Expand Down Expand Up @@ -336,7 +354,7 @@ Resources:
MarbotFeatureAccountAlias: !Ref AccountAlias
MarbotFeatureCloudWatchMetricGraph: !Ref CloudWatchMetricGraph
MarbotFeatureCodePipelineApproval: !Ref CodePipelineApproval
CloudFormationStackVersion: '1.3.0'
CloudFormationStackVersion: '1.3.1'
CloudFormationStackRegion: !Ref 'AWS::Region'
CloudFormationStackId: !Ref 'AWS::StackId'
CloudFormationStackName: !Ref 'AWS::StackName'
Expand All @@ -349,4 +367,4 @@ Outputs:
Value: 'marbot-aws-account-connection'
StackVersion:
Description: 'Stack version.'
Value: '1.3.0'
Value: '1.3.1'

0 comments on commit 3e16407

Please sign in to comment.