Attempting to add events permission

mrz1836 · May 24, 2021 · eb53ddd · eb53ddd
1 parent 0db19d5
commit eb53ddd
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/application.yaml b/application.yaml
@@ -109,6 +109,7 @@ Resources:
       Policies:
         - AWSCodePipelineReadOnlyAccess
         - AWSLambdaBasicExecutionRole
+        - !Ref EventsPolicy
         - KMSDecryptPolicy:
             KeyId: !Ref EncryptionKeyId
       Events:
@@ -442,6 +443,19 @@ Resources:
                 Effect: Allow
                 Resource: "*"
 
+  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html
+  EventsPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      Description: ManageEvents
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Action:
+              - events:Describe*
+            Resource: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${ApplicationStackName}"
+
 # More info about Outputs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html
 Outputs:
   StatusFunction: