From 684b37b7f5bbbfe0df194830acc8ff6b964aca19 Mon Sep 17 00:00:00 2001 From: Michal Kleszcz Date: Thu, 4 Jul 2024 14:24:38 +0200 Subject: [PATCH] fix: Add missing IAM SES permissions --- packages/backend/infra/stacks/lib/backendTaskRole.ts | 7 +++++++ packages/workers/workers.conf.yml | 4 ---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/packages/backend/infra/stacks/lib/backendTaskRole.ts b/packages/backend/infra/stacks/lib/backendTaskRole.ts index 2d94dde0b..275259c9a 100644 --- a/packages/backend/infra/stacks/lib/backendTaskRole.ts +++ b/packages/backend/infra/stacks/lib/backendTaskRole.ts @@ -87,5 +87,12 @@ export function createBackendTaskRole( }), ); + taskRole.addToPolicy( + new iam.PolicyStatement({ + actions: ['ses:SendEmail', 'ses:SendRawEmail', 'ses:GetSendQuota'], + resources: ['*'], + }), + ); + return taskRole; } diff --git a/packages/workers/workers.conf.yml b/packages/workers/workers.conf.yml index 607ef21bd..74a7cd721 100644 --- a/packages/workers/workers.conf.yml +++ b/packages/workers/workers.conf.yml @@ -12,10 +12,6 @@ iam: - "secretsmanager:*" Resource: { Fn::ImportValue: "${self:custom.projectEnvName}-databaseSecretArn" } - - Effect: "Allow" - Action: - - "ses:SendEmail" - Resource: "*" - Effect: "Allow" Action: - "states:StartExecution"