@friggframework/devtools 2.0.0--canary.400.bed3308.0 → 2.0.0--canary.400.545e7a8.0

package/infrastructure/iam-generator.js

@@ -46,10 +46,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
     const template = {
         AWSTemplateFormatVersion: '2010-09-09',
         Description: `IAM roles and policies for ${appDefinition.name || 'Frigg'} application deployment pipeline`,
-<<<<<<< HEAD
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         Parameters: {
             DeploymentUserName: {
                 Type: 'String',
@@ -169,10 +166,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
         'cloudformation:DeleteChangeSet',
         'cloudformation:ExecuteChangeSet',
         'cloudformation:ValidateTemplate',
-<<<<<<< HEAD
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         // Lambda permissions
         'lambda:CreateFunction',
         'lambda:UpdateFunctionCode',
@@ -195,10 +189,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
         'lambda:TagResource',
         'lambda:UntagResource',
         'lambda:ListVersionsByFunction',
-<<<<<<< HEAD
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         // IAM permissions
         'iam:CreateRole',
         'iam:DeleteRole',
@@ -212,41 +203,18 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
         'iam:TagRole',
         'iam:UntagRole',
         'iam:ListPolicyVersions',
-<<<<<<< HEAD
-
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         // S3 permissions
         's3:CreateBucket',
-        's3:DeleteBucket',
         's3:PutObject',
         's3:GetObject',
         's3:DeleteObject',
         's3:PutBucketPolicy',
-        's3:GetBucketPolicy',
-        's3:DeleteBucketPolicy',
         's3:PutBucketVersioning',
-        's3:GetBucketVersioning',
         's3:PutBucketPublicAccessBlock',
-        's3:GetBucketPublicAccessBlock',
-        's3:PutBucketTagging',
-        's3:GetBucketTagging',
-        's3:DeleteBucketTagging',
-        's3:PutBucketEncryption',
-        's3:GetBucketEncryption',
-        's3:PutEncryptionConfiguration',
-        's3:PutBucketNotification',
-        's3:GetBucketNotification',
         's3:GetBucketLocation',
         's3:ListBucket',
-        's3:GetBucketAcl',
-        's3:PutBucketAcl',
-<<<<<<< HEAD
-
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         // SQS permissions
         'sqs:CreateQueue',
         'sqs:DeleteQueue',
@@ -255,10 +223,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
         'sqs:GetQueueUrl',
         'sqs:TagQueue',
         'sqs:UntagQueue',
-<<<<<<< HEAD
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         // SNS permissions
         'sns:CreateTopic',
         'sns:DeleteTopic',
@@ -269,10 +234,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
         'sns:ListSubscriptionsByTopic',
         'sns:TagResource',
         'sns:UntagResource',
-<<<<<<< HEAD
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         // CloudWatch and Logs permissions
         'cloudwatch:PutMetricAlarm',
         'cloudwatch:DeleteAlarms',
@@ -285,10 +247,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
         'logs:FilterLogEvents',
         'logs:PutLogEvents',
         'logs:PutRetentionPolicy',
-<<<<<<< HEAD
-=======
         
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
         // API Gateway permissions
         'apigateway:POST',
         'apigateway:PUT',
@@ -314,10 +273,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'cloudformation:DescribeChangeSet',
                 'cloudformation:CreateChangeSet',
                 'cloudformation:DeleteChangeSet',
-                'cloudformation:ExecuteChangeSet',
-                'cloudformation:TagResource',
-                'cloudformation:UntagResource',
-                'cloudformation:ListStackResources'
+                'cloudformation:ExecuteChangeSet'
             ],
             Resource: [
                 { 'Fn::Sub': 'arn:aws:cloudformation:*:${AWS::AccountId}:stack/*frigg*/*' }
@@ -334,29 +290,14 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             Effect: 'Allow',
             Action: [
                 's3:CreateBucket',
-                's3:DeleteBucket',
                 's3:PutObject',
                 's3:GetObject',
                 's3:DeleteObject',
                 's3:PutBucketPolicy',
-                's3:GetBucketPolicy',
-                's3:DeleteBucketPolicy',
                 's3:PutBucketVersioning',
-                's3:GetBucketVersioning',
                 's3:PutBucketPublicAccessBlock',
-                's3:GetBucketPublicAccessBlock',
-                's3:PutBucketTagging',
-                's3:GetBucketTagging',
-                's3:DeleteBucketTagging',
-                's3:PutBucketEncryption',
-                's3:GetBucketEncryption',
-                's3:PutEncryptionConfiguration',
-                's3:PutBucketNotification',
-                's3:GetBucketNotification',
                 's3:GetBucketLocation',
-                's3:ListBucket',
-                's3:GetBucketAcl',
-                's3:PutBucketAcl'
+                's3:ListBucket'
             ],
             Resource: [
                 'arn:aws:s3:::*serverless*',
@@ -384,7 +325,6 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'lambda:PutProvisionedConcurrencyConfig',
                 'lambda:DeleteProvisionedConcurrencyConfig',
                 'lambda:PutConcurrency',
-                'lambda:PutFunctionConcurrency',
                 'lambda:DeleteConcurrency',
                 'lambda:TagResource',
                 'lambda:UntagResource',
@@ -394,23 +334,6 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 { 'Fn::Sub': 'arn:aws:lambda:*:${AWS::AccountId}:function:*frigg*' }
             ]
         },
-        {
-            Sid: 'FriggLambdaEventSourceMapping',
-            Effect: 'Allow',
-            Action: [
-                'lambda:CreateEventSourceMapping',
-                'lambda:DeleteEventSourceMapping',
-                'lambda:GetEventSourceMapping',
-                'lambda:UpdateEventSourceMapping',
-                'lambda:ListEventSourceMappings',
-                'lambda:TagResource',
-                'lambda:UntagResource',
-                'lambda:ListTags'
-            ],
-            Resource: [
-                { 'Fn::Sub': 'arn:aws:lambda:*:${AWS::AccountId}:event-source-mapping:*' }
-            ]
-        },
         {
             Sid: 'IAMRolesForFriggLambda',
             Effect: 'Allow',
@@ -487,9 +410,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'logs:DescribeLogStreams',
                 'logs:FilterLogEvents',
                 'logs:PutLogEvents',
-                'logs:PutRetentionPolicy',
-                'logs:TagResource',
-                'logs:UntagResource'
+                'logs:PutRetentionPolicy'
             ],
             Resource: [
                 { 'Fn::Sub': 'arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*frigg*' },
@@ -511,8 +432,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'arn:aws:apigateway:*::/restapis',
                 'arn:aws:apigateway:*::/restapis/*',
                 'arn:aws:apigateway:*::/domainnames',
-                'arn:aws:apigateway:*::/domainnames/*',
-                'arn:aws:apigateway:*::/tags/*'
+                'arn:aws:apigateway:*::/domainnames/*'
             ]
         }
     ];
@@ -546,7 +466,6 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                             Action: [
                                 'ec2:CreateVpcEndpoint',
                                 'ec2:DeleteVpcEndpoint',
-                                'ec2:DeleteVpcEndpoints',
                                 'ec2:DescribeVpcEndpoints',
                                 'ec2:ModifyVpcEndpoint',
                                 'ec2:CreateNatGateway',
@@ -555,8 +474,6 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                                 'ec2:AllocateAddress',
                                 'ec2:ReleaseAddress',
                                 'ec2:DescribeAddresses',
-                                'ec2:AssociateAddress',
-                                'ec2:DisassociateAddress',
                                 'ec2:CreateRouteTable',
                                 'ec2:DeleteRouteTable',
                                 'ec2:DescribeRouteTables',
@@ -569,10 +486,7 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                                 'ec2:AuthorizeSecurityGroupEgress',
                                 'ec2:AuthorizeSecurityGroupIngress',
                                 'ec2:RevokeSecurityGroupEgress',
-                                'ec2:RevokeSecurityGroupIngress',
-                                'ec2:CreateTags',
-                                'ec2:DeleteTags',
-                                'ec2:DescribeTags'
+                                'ec2:RevokeSecurityGroupIngress'
                             ],
                             Resource: '*'
                         }
@@ -764,47 +678,10 @@ function generateIAMPolicy(mode = 'basic') {
     return generateBasicIAMPolicy();
 }
 
-/**
- * Wrapper function for generate command compatibility
- * @param {Object} options - Generation options
- * @param {string} options.appName - Application name
- * @param {Object} options.features - Feature flags
- * @param {string} options.userPrefix - IAM user name prefix
- * @param {string} options.stackName - CloudFormation stack name
- * @returns {Promise<string>} CloudFormation YAML template
- */
-async function generateCloudFormationTemplate(options) {
-    const { appName, features, userPrefix, stackName } = options;
-<<<<<<< HEAD
-
-=======
-    
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
-    // Create appDefinition from features
-    const appDefinition = {
-        name: appName,
-        vpc: { enable: features.vpc },
-        encryption: { useDefaultKMSForFieldLevelEncryption: features.kms },
-        ssm: { enable: features.ssm },
-        websockets: { enable: features.websockets }
-    };
-<<<<<<< HEAD
-
-=======
-    
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
-    return generateIAMCloudFormation(appDefinition, {
-        deploymentUserName: userPrefix,
-        stackName: stackName,
-        mode: 'auto'
-    });
-}
-
 module.exports = {
     generateIAMCloudFormation,
     getFeatureSummary,
     generateBasicIAMPolicy,
     generateFullIAMPolicy,
-    generateIAMPolicy,
-    generateCloudFormationTemplate
+    generateIAMPolicy
 };

package/infrastructure/iam-policy-basic.json

@@ -43,29 +43,16 @@
       "Effect": "Allow",
       "Action": [
         "s3:CreateBucket",
-        "s3:DeleteBucket",
         "s3:PutObject",
         "s3:GetObject",
         "s3:DeleteObject",
         "s3:PutBucketPolicy",
-        "s3:GetBucketPolicy",
-        "s3:DeleteBucketPolicy",
         "s3:PutBucketVersioning",
-        "s3:GetBucketVersioning",
         "s3:PutBucketPublicAccessBlock",
-        "s3:GetBucketPublicAccessBlock",
-        "s3:PutBucketTagging",
-        "s3:GetBucketTagging",
-        "s3:DeleteBucketTagging",
-        "s3:PutBucketEncryption",
-        "s3:GetBucketEncryption",
-        "s3:PutEncryptionConfiguration",
-        "s3:PutBucketNotification",
-        "s3:GetBucketNotification",
         "s3:GetBucketLocation",
         "s3:ListBucket",
-        "s3:GetBucketAcl",
-        "s3:PutBucketAcl"
+        "s3:PutBucketTagging",
+        "s3:GetBucketTagging"
       ],
       "Resource": [
         "arn:aws:s3:::*serverless*",
@@ -93,7 +80,6 @@
         "lambda:PutProvisionedConcurrencyConfig",
         "lambda:DeleteProvisionedConcurrencyConfig",
         "lambda:PutConcurrency",
-        "lambda:PutFunctionConcurrency",
         "lambda:DeleteConcurrency",
         "lambda:TagResource",
         "lambda:UntagResource",
@@ -111,10 +97,7 @@
         "lambda:DeleteEventSourceMapping",
         "lambda:GetEventSourceMapping",
         "lambda:UpdateEventSourceMapping",
-        "lambda:ListEventSourceMappings",
-        "lambda:TagResource",
-        "lambda:UntagResource",
-        "lambda:ListTags"
+        "lambda:ListEventSourceMappings"
       ],
       "Resource": [
         "arn:aws:lambda:*:*:event-source-mapping:*"
@@ -200,9 +183,7 @@
         "logs:DescribeLogStreams",
         "logs:FilterLogEvents",
         "logs:PutLogEvents",
-        "logs:PutRetentionPolicy",
-        "logs:TagResource",
-        "logs:UntagResource"
+        "logs:PutRetentionPolicy"
       ],
       "Resource": [
         "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*",
@@ -224,12 +205,7 @@
         "arn:aws:apigateway:*::/restapis",
         "arn:aws:apigateway:*::/restapis/*",
         "arn:aws:apigateway:*::/domainnames",
-<<<<<<< HEAD
-          "arn:aws:apigateway:*::/domainnames/*",
-=======
-        "arn:aws:apigateway:*::/domainnames/*",
->>>>>>> 37c4892ee8a686eb7acfcd17c333b0ed73e1f120
-        "arn:aws:apigateway:*::/tags/*"
+        "arn:aws:apigateway:*::/domainnames/*"
       ]
     }
   ]

package/infrastructure/iam-policy-full.json

@@ -43,29 +43,16 @@
       "Effect": "Allow",
       "Action": [
         "s3:CreateBucket",
-        "s3:DeleteBucket",
         "s3:PutObject",
         "s3:GetObject",
         "s3:DeleteObject",
         "s3:PutBucketPolicy",
-        "s3:GetBucketPolicy",
-        "s3:DeleteBucketPolicy",
         "s3:PutBucketVersioning",
-        "s3:GetBucketVersioning",
         "s3:PutBucketPublicAccessBlock",
-        "s3:GetBucketPublicAccessBlock",
-        "s3:PutBucketTagging",
-        "s3:GetBucketTagging",
-        "s3:DeleteBucketTagging",
-        "s3:PutBucketEncryption",
-        "s3:GetBucketEncryption",
-        "s3:PutEncryptionConfiguration",
-        "s3:PutBucketNotification",
-        "s3:GetBucketNotification",
         "s3:GetBucketLocation",
         "s3:ListBucket",
-        "s3:GetBucketAcl",
-        "s3:PutBucketAcl"
+        "s3:PutBucketTagging",
+        "s3:GetBucketTagging"
       ],
       "Resource": [
         "arn:aws:s3:::*serverless*",
@@ -93,7 +80,6 @@
         "lambda:PutProvisionedConcurrencyConfig",
         "lambda:DeleteProvisionedConcurrencyConfig",
         "lambda:PutConcurrency",
-        "lambda:PutFunctionConcurrency",
         "lambda:DeleteConcurrency",
         "lambda:TagResource",
         "lambda:UntagResource",
@@ -111,10 +97,7 @@
         "lambda:DeleteEventSourceMapping",
         "lambda:GetEventSourceMapping",
         "lambda:UpdateEventSourceMapping",
-        "lambda:ListEventSourceMappings",
-        "lambda:TagResource",
-        "lambda:UntagResource",
-        "lambda:ListTags"
+        "lambda:ListEventSourceMappings"
       ],
       "Resource": [
         "arn:aws:lambda:*:*:event-source-mapping:*"
@@ -200,9 +183,7 @@
         "logs:DescribeLogStreams",
         "logs:FilterLogEvents",
         "logs:PutLogEvents",
-        "logs:PutRetentionPolicy",
-        "logs:TagResource",
-        "logs:UntagResource"
+        "logs:PutRetentionPolicy"
       ],
       "Resource": [
         "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*",
@@ -224,8 +205,7 @@
         "arn:aws:apigateway:*::/restapis",
         "arn:aws:apigateway:*::/restapis/*",
         "arn:aws:apigateway:*::/domainnames",
-        "arn:aws:apigateway:*::/domainnames/*",
-        "arn:aws:apigateway:*::/tags/*"
+        "arn:aws:apigateway:*::/domainnames/*"
       ]
     },
     {
@@ -234,7 +214,6 @@
       "Action": [
         "ec2:CreateVpcEndpoint",
         "ec2:DeleteVpcEndpoint",
-        "ec2:DeleteVpcEndpoints",
         "ec2:DescribeVpcEndpoints",
         "ec2:ModifyVpcEndpoint",
         "ec2:CreateNatGateway",
@@ -243,8 +222,6 @@
         "ec2:AllocateAddress",
         "ec2:ReleaseAddress",
         "ec2:DescribeAddresses",
-        "ec2:AssociateAddress",
-        "ec2:DisassociateAddress",
         "ec2:CreateRouteTable",
         "ec2:DeleteRouteTable",
         "ec2:DescribeRouteTables",