Address SonarCloud issues

bcgov · Nov 15, 2024 · 51dc948 · 51dc948
1 parent 3deed24
commit 51dc948
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/infrastructure/cloud/modules/APIGateway/main.tf b/infrastructure/cloud/modules/APIGateway/main.tf
@@ -64,9 +64,8 @@ resource "aws_api_gateway_rest_api_policy" "apigw_rest_api_policy" {
     Version = "2012-10-17"
     Statement = [
       {
-        Effect = "Allow"
-        #Principal = var.ecs_execution_role_arn
-        Principal = "*"
+        Effect    = "Allow"
+        Principal = var.ecs_execution_role_arn
         Action    = "execute-api:Invoke"
         Resource  = "arn:aws:execute-api:${var.region}:${var.account_id}:${aws_api_gateway_rest_api.apigw.id}/*"
       }

diff --git a/infrastructure/cloud/modules/IAM/main.tf b/infrastructure/cloud/modules/IAM/main.tf
@@ -290,7 +290,10 @@ resource "aws_iam_policy" "lambda_role_policy" {
           "ecs:DescribeServices",
           "ecs:ListServices"
         ],
-        "Resource" : "*"
+        "Resource" : [
+          "arn:aws:ecs:*:*:cluster/${var.app_name}-app-cluster-${var.environment}",
+          "arn:aws:ecs:*:*:service/${var.app_name}-app-cluster-${var.environment}/${var.app_name}-*-ecs-service-${var.environment}"
+        ]
       },
       {
         "Effect" : "Allow",
@@ -299,7 +302,9 @@ resource "aws_iam_policy" "lambda_role_policy" {
           "ecr:BatchGetImage",
           "ecr:BatchCheckLayerAvailability"
         ],
-        "Resource" : "*"
+        "Resource" : [
+          "arn:aws:ecr:*:*:repository/${var.app_name}-*-repo-${var.environment}"
+        ]
       }
     ]
   })