This repository has been archived by the owner on Jul 18, 2024. It is now read-only.

Commit

feat: restrict PutEvents permissions
nmoutschen committed May 26, 2021
1 parent 0164f61 commit 6f43051
Showing 10 changed files with 40 additions and 5 deletions.
1 change: 1 addition & 0 deletions delivery/metadata.yaml
@@ -3,6 +3,7 @@ dependencies:
- orders
- platform
parameters:
EventBusArn: /ecommerce/{Environment}/platform/event-bus/arn
EventBusName: /ecommerce/{Environment}/platform/event-bus/name
OrdersApiUrl: /ecommerce/{Environment}/orders/api/url
OrdersApiArn: /ecommerce/{Environment}/orders/api/arn
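Review bot: the new EventBusArn entry reads `/ecommerce/{Environment}/platform/event-bus/arn`, and `platform` is already in this file's `dependencies`, so deployment ordering is right; what this hunk cannot show is whether the platform stack actually publishes that SSM parameter next to `.../event-bus/name`. If it does not, the SSM-typed parameter in delivery/template.yaml fails to resolve at deploy time, so confirm the platform template exports both paths.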
8 changes: 7 additions & 1 deletion delivery/template.yaml
@@ -14,6 +14,9 @@ Parameters:
Type: Number
Default: 30
Description: CloudWatch Logs retention period for Lambda functions
EventBusArn:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus ARN
EventBusName:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus Name
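Review bot: EventBusArn duplicates information already carried by EventBusName; since both resolve to the same bus, the ARN could instead be derived in-template with `!Sub "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${EventBusName}"`, which avoids a second SSM lookup and a second parameter in every service's metadata.yaml. Reading it from SSM is acceptable, but the two values can drift if platform ever publishes them separately.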
@@ -141,7 +144,10 @@ Resources:
- Effect: Allow
Action:
- events:PutEvents
Resource: "*"
Resource: !Ref EventBusArn
Condition:
StringEquals:
events:source: "ecommerce.delivery"
- Effect: Allow
Action:
- sqs:SendMessage
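Review bot: replacing `Resource: "*"` with the bus ARN plus a `StringEquals` on `events:source` is the right shape: the function can no longer publish to the default bus or to a bus in another account, and it can only emit events claiming the `ecommerce.delivery` source, so a compromised delivery function cannot forge events that look like they came from another service. One thing to check before merging: the value must match the `Source` field in the delivery functions' PutEvents entries exactly (IAM string comparison is case-sensitive), or those calls start failing with AccessDeniedException after deploy.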
1 change: 1 addition & 0 deletions orders/metadata.yaml
@@ -6,6 +6,7 @@ dependencies:
parameters:
DeliveryApiArn: /ecommerce/{Environment}/delivery-pricing/api/arn
DeliveryApiUrl: /ecommerce/{Environment}/delivery-pricing/api/url
EventBusArn: /ecommerce/{Environment}/platform/event-bus/arn
EventBusName: /ecommerce/{Environment}/platform/event-bus/name
PaymentApiArn: /ecommerce/{Environment}/payment/api/arn
PaymentApiUrl: /ecommerce/{Environment}/payment/api/url
8 changes: 7 additions & 1 deletion orders/template.yaml
@@ -20,6 +20,9 @@ Parameters:
DeliveryApiArn:
Type: AWS::SSM::Parameter::Value<String>
Description: Delivery API Gateway ARN
EventBusArn:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus ARN
EventBusName:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus Name
@@ -184,7 +187,10 @@ Resources:
- Effect: Allow
Action:
- events:PutEvents
Resource: "*"
Resource: !Ref EventBusArn
Condition:
StringEquals:
events:source: "ecommerce.orders"
- Effect: Allow
Action:
- sqs:SendMessage
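Review bot: with the `events:source` condition in place, a PutEvents request is authorized as a whole, so a batch that mixes `ecommerce.orders` entries with entries carrying any other source is denied entirely rather than partially accepted. If the orders functions batch events, make sure every entry in a batch uses the same source; otherwise this hunk is consistent with the delivery change.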
1 change: 1 addition & 0 deletions products/metadata.yaml
@@ -6,4 +6,5 @@ permissions:
api:
/validate: [post]
parameters:
EventBusArn: /ecommerce/{Environment}/platform/event-bus/arn
EventBusName: /ecommerce/{Environment}/platform/event-bus/name
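Review bot: this hunk starts at the `permissions` block, so the file's `dependencies` list is not visible; the new EventBusArn parameter is read from the platform service's SSM namespace, so confirm `platform` is declared as a dependency here as it is in delivery/metadata.yaml, otherwise the products stack can be deployed before the parameter exists.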
8 changes: 7 additions & 1 deletion products/template.yaml
@@ -14,6 +14,9 @@ Parameters:
Type: Number
Default: 30
Description: CloudWatch Logs retention period for Lambda functions
EventBusArn:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus ARN
EventBusName:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus Name
@@ -118,7 +121,10 @@ Resources:
- Effect: Allow
Action:
- events:PutEvents
Resource: "*"
Resource: !Ref EventBusArn
Condition:
StringEquals:
events:source: "ecommerce.products"
- Effect: Allow
Action:
- sqs:SendMessage
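Review bot: before this change the `"*"` resource also covered the account's `default` bus; after it, only the bus named by `!Ref EventBusArn` is permitted. Any products function that calls PutEvents without setting `EventBusName` (and therefore targets the default bus) will now be denied, so this is the moment to verify that every call passes the bus name from the EventBusName parameter declared above.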
1 change: 1 addition & 0 deletions users/metadata.yaml
@@ -2,4 +2,5 @@ name: users
dependencies:
- platform
parameters:
EventBusArn: /ecommerce/{Environment}/platform/event-bus/arn
EventBusName: /ecommerce/{Environment}/platform/event-bus/name
8 changes: 7 additions & 1 deletion users/template.yaml
@@ -14,6 +14,9 @@ Parameters:
Type: Number
Default: 30
Description: CloudWatch Logs retention period for Lambda functions
EventBusArn:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus ARN
EventBusName:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus Name
@@ -86,7 +89,10 @@ Resources:
- Effect: Allow
Action:
- events:PutEvents
Resource: "*"
Resource: !Ref EventBusArn
Condition:
StringEquals:
events:source: "ecommerce.users"

SignUpLogGroup:
Type: AWS::Logs::LogGroup
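Review bot: this statement restricts the source but not the detail type; if the users service emits a fixed set of detail types, adding `events:detail-type` to the same `StringEquals` block with the list of allowed values would narrow the permission further at no operational cost, since the function already has to set that field on every entry it publishes.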
1 change: 1 addition & 0 deletions warehouse/metadata.yaml
@@ -3,4 +3,5 @@ dependencies:
- platform
- users
parameters:
EventBusArn: /ecommerce/{Environment}/platform/event-bus/arn
EventBusName: /ecommerce/{Environment}/platform/event-bus/name
8 changes: 7 additions & 1 deletion warehouse/template.yaml
@@ -14,6 +14,9 @@ Parameters:
Type: Number
Default: 30
Description: CloudWatch Logs retention period for Lambda functions
EventBusArn:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus ARN
EventBusName:
Type: AWS::SSM::Parameter::Value<String>
Description: EventBridge Event Bus Name
@@ -154,7 +157,10 @@ Resources:
- Effect: Allow
Action:
- events:PutEvents
Resource: "*"
Resource: !Ref EventBusArn
Condition:
StringEquals:
events:source: "ecommerce.warehouse"
- Effect: Allow
Action:
- dynamodb:Query
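Review bot: the same pattern now appears in five templates with the source string hard-coded in each (`ecommerce.warehouse` here), and the identical literal must also live in the function code, which is two places to keep in sync per service. A cheap guard against regression is a test or a cfn-lint custom rule asserting that every `events:PutEvents` statement carries both a non-wildcard `Resource` and an `events:source` condition, so a future service cannot quietly reintroduce `Resource: "*"`.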
