@jaypie/constructs 1.2.26 → 1.2.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/index.cjs +6 -5
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/index.js +6 -5
- package/dist/esm/index.js.map +1 -1
- package/package.json +1 -1
package/dist/cjs/index.cjs
CHANGED
|
@@ -3042,18 +3042,18 @@ class JaypieGitHubDeployRole extends constructs.Construct {
|
|
|
3042
3042
|
actions: [
|
|
3043
3043
|
"cloudformation:CreateStack",
|
|
3044
3044
|
"cloudformation:DeleteStack",
|
|
3045
|
-
"cloudformation:
|
|
3046
|
-
"cloudformation:DescribeStackResource",
|
|
3047
|
-
"cloudformation:DescribeStackResources",
|
|
3048
|
-
"cloudformation:DescribeStacks",
|
|
3045
|
+
"cloudformation:Describe*",
|
|
3049
3046
|
"cloudformation:GetTemplate",
|
|
3050
3047
|
"cloudformation:SetStackPolicy",
|
|
3051
3048
|
"cloudformation:UpdateStack",
|
|
3052
3049
|
"cloudformation:ValidateTemplate",
|
|
3050
|
+
"ec2:Describe*",
|
|
3053
3051
|
"iam:PassRole",
|
|
3054
3052
|
"route53:ListHostedZones*",
|
|
3055
|
-
"s3:GetObject",
|
|
3053
|
+
"s3:GetObject", // TODO: this should be restricted by bucket
|
|
3056
3054
|
"s3:ListBucket",
|
|
3055
|
+
"ssm:GetParameter",
|
|
3056
|
+
"ssm:GetParameters",
|
|
3057
3057
|
],
|
|
3058
3058
|
effect: awsIam.Effect.ALLOW,
|
|
3059
3059
|
resources: ["*"],
|
|
@@ -3064,6 +3064,7 @@ class JaypieGitHubDeployRole extends constructs.Construct {
|
|
|
3064
3064
|
resources: [
|
|
3065
3065
|
"arn:aws:iam::*:role/cdk-hnb659fds-deploy-role-*",
|
|
3066
3066
|
"arn:aws:iam::*:role/cdk-hnb659fds-file-publishing-*",
|
|
3067
|
+
"arn:aws:iam::*:role/cdk-hnb659fds-lookup-role-*",
|
|
3067
3068
|
"arn:aws:iam::*:role/cdk-readOnlyRole",
|
|
3068
3069
|
],
|
|
3069
3070
|
}));
|