@jaypie/constructs 1.2.27 → 1.2.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/cjs/index.cjs +4 -11
  2. package/dist/cjs/index.cjs.map +1 -1
  3. package/dist/esm/index.js +4 -11
  4. package/dist/esm/index.js.map +1 -1
  5. package/package.json +1 -1
package/dist/esm/index.js CHANGED
@@ -3008,23 +3008,15 @@ class JaypieGitHubDeployRole extends Construct {
3008
3008
  actions: [
3009
3009
  "cloudformation:CreateStack",
3010
3010
  "cloudformation:DeleteStack",
3011
- "cloudformation:DescribeStackEvents",
3012
- "cloudformation:DescribeStackResource",
3013
- "cloudformation:DescribeStackResources",
3014
- "cloudformation:DescribeStacks",
3011
+ "cloudformation:Describe*",
3015
3012
  "cloudformation:GetTemplate",
3016
3013
  "cloudformation:SetStackPolicy",
3017
3014
  "cloudformation:UpdateStack",
3018
3015
  "cloudformation:ValidateTemplate",
3019
- "ec2:DescribeAvailabilityZones",
3020
- "ec2:DescribeNetworkInterfaces",
3021
- "ec2:DescribeRouteTables",
3022
- "ec2:DescribeSecurityGroups",
3023
- "ec2:DescribeSubnets",
3024
- "ec2:DescribeVpcs",
3016
+ "ec2:Describe*",
3025
3017
  "iam:PassRole",
3026
3018
  "route53:ListHostedZones*",
3027
- "s3:GetObject",
3019
+ "s3:GetObject", // TODO: this should be restricted by bucket
3028
3020
  "s3:ListBucket",
3029
3021
  "ssm:GetParameter",
3030
3022
  "ssm:GetParameters",
@@ -3038,6 +3030,7 @@ class JaypieGitHubDeployRole extends Construct {
3038
3030
  resources: [
3039
3031
  "arn:aws:iam::*:role/cdk-hnb659fds-deploy-role-*",
3040
3032
  "arn:aws:iam::*:role/cdk-hnb659fds-file-publishing-*",
3033
+ "arn:aws:iam::*:role/cdk-hnb659fds-lookup-role-*",
3041
3034
  "arn:aws:iam::*:role/cdk-readOnlyRole",
3042
3035
  ],
3043
3036
  }));