Add comment about wildcard

gracelu0 · gracelu0 · commit 51f9d6f80814 · 2025-03-04T13:09:07.000-08:00
diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/inspector-start-assessment-run.ts
@@ -17,6 +17,8 @@ export class InspectorStartAssessmentRun extends ScheduleTargetBase implements I
   protected addTargetActionToRole(role: IRole): void {
     role.addToPrincipalPolicy(new PolicyStatement({
       actions: ['inspector:StartAssessmentRun'],
+      // The wildcard is intentional here as Amazon Inspector does not support specifying a resource ARN in the Resource element of an IAM policy statement.
+      // See https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector.html#amazoninspector-resources-for-iam-policies.
       resources: ['*'],
     }));
   }

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ export class InspectorStartAssessmentRun extends ScheduleTargetBase implements I`
`17`	`17`	`protected addTargetActionToRole(role: IRole): void {`
`18`	`18`	`role.addToPrincipalPolicy(new PolicyStatement({`
`19`	`19`	`actions: ['inspector:StartAssessmentRun'],`
	`20`	`+ // The wildcard is intentional here as Amazon Inspector does not support specifying a resource ARN in the Resource element of an IAM policy statement.`
	`21`	`+ // See https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector.html#amazoninspector-resources-for-iam-policies.`
`20`	`22`	`resources: ['*'],`
`21`	`23`	`}));`
`22`	`24`	`}`