more specific resources in iam policies

This commit is contained in:
jackiettran
2026-01-15 15:31:23 -05:00
parent 942867d94c
commit c6b531d12a
2 changed files with 14 additions and 6 deletions


@@ -113,7 +113,7 @@ export class ImageProcessorLambdaStack extends cdk.Stack {
description: "Execution role for Image Processor Lambda",
});
// CloudWatch Logs permissions
// CloudWatch Logs permissions - scoped to this Lambda's log group
lambdaRole.addToPolicy(
new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
@@ -122,7 +122,10 @@ export class ImageProcessorLambdaStack extends cdk.Stack {
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources: ["*"],
resources: [
`arn:aws:logs:${this.region}:${this.account}:log-group:/aws/lambda/image-processor-${environment}`,
`arn:aws:logs:${this.region}:${this.account}:log-group:/aws/lambda/image-processor-${environment}:*`,
],
})
);
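Review bot: The two added ARNs in `resources:` hard-code the `aws` partition and assume the function's CloudWatch log group is exactly `/aws/lambda/image-processor-${environment}`; if the Lambda's `functionName` is not pinned to that string (its definition is outside this hunk), CDK will generate a different name, the policy will not match, and the function will run with no logs because `logs:CreateLogGroup`/`CreateLogStream` are denied. Pin the name once in a constant shared by the function and this statement, or derive the ARN from the function's log group, rather than repeating the literal here. For the partition, use `arn:${this.partition}:logs:${this.region}:${this.account}:log-group:/aws/lambda/image-processor-${environment}` and the same with the trailing `:*`, so the stack also deploys in GovCloud and China regions; `this.formatArn({ service: "logs", resource: "log-group", resourceName: ..., arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME })` is the idiomatic alternative. A short comment such as `// Must match the functionName set below; CloudWatch denies CreateLogGroup on any other name` would make the coupling explicit. The `PolicyStatement` and its `actions` list begin above this hunk, so whether `logs:CreateLogGroup` is among the actions cannot be confirmed from here.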