Merge pull request #52 from aligent/feature/additional_serverless_dep…

…loy_permissions Feature/additional serverless deploy permissions
aligent · Oct 1, 2024 · e368175 · e368175
2 parents 707d0ec + 6682fa9
commit e368175
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/packages/serverless-deploy-iam/bin/app.ts b/packages/serverless-deploy-iam/bin/app.ts
@@ -166,6 +166,7 @@ export class ServiceDeployIAM extends cdk.Stack {
             "iam:GetRole",
             "iam:DeleteRole",
             "iam:UpdateRole",
+            "iam:TagRole",
             "iam:GetRolePolicy",
             "iam:DeleteRolePolicy",
             "iam:PutRolePolicy",
@@ -476,7 +477,11 @@ export class ServiceDeployIAM extends cdk.Stack {
           name: "LAMBDA",
           prefix: `arn:aws:lambda:${region}:${accountId}:function:`,
           qualifiers: [`${serviceName}*`],
-          actions: ["lambda:GetFunction", "lambda:InvokeFunction"],
+          actions: [
+            "lambda:GetFunction",
+            "lambda:InvokeFunction",
+            "lambda:ListTags",
+          ],
         },
         {
           name: "IAM",

diff --git a/packages/serverless-deploy-iam/test/deploy-role.test.ts b/packages/serverless-deploy-iam/test/deploy-role.test.ts
@@ -108,7 +108,11 @@ describe("Deploy user policy", () => {
         PolicyDocument: {
           Statement: arrayWith(
             objectLike({
-              Action: ["lambda:GetFunction", "lambda:InvokeFunction"],
+              Action: [
+                "lambda:GetFunction",
+                "lambda:InvokeFunction",
+                "lambda:ListTags",
+              ],
               Effect: "Allow",
               Resource: [
                 {