awslabs / amazon-s3-find-and-forget

Amazon S3 Find and Forget is a solution to handle data erasure requests from data lakes stored on Amazon S3, for example, pursuant to the European General Data Protection Regulation (GDPR)
Apache License 2.0

Replace Managed Policy with equivalent inline policy #405

Status: Closed (ConnorKirk closed this pull request 6 months ago)

ConnorKirk commented 6 months ago

Some scanners are triggered by the presence of the AmazonAPIGatewayInvokeFullAccess managed policy. This commit replaces the managed policy with an equivalent inline policy that will not trigger scanners. There's a small security win in being able to scope the API Gateway resource to the specific Account and Region.

Issue #, if available:

Description of changes:

PR Checklist:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
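For readers who want to see what the change described above looks like in a template, here is an added CloudFormation illustration (not a hunk from this PR; the diff itself is not shown on this page). The AWS managed policy AmazonAPIGatewayInvokeFullAccess allows `execute-api:Invoke` and `execute-api:ManageConnections` on `arn:aws:execute-api:*`; the inline form keeps both actions and limits the resource to the deploying partition, region and account. The role's logical name, its trust policy and the inline policy name are assumptions.

```yaml
# Before (assumed shape; the project's real template is not on this page):
# the role attaches the AWS managed policy, whose statement allows
# execute-api:Invoke and execute-api:ManageConnections on arn:aws:execute-api:*,
# i.e. any API in any account and region, which is what policy scanners flag.
Resources:
  ApiCallerRole:                     # hypothetical logical name
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }   # assumed principal
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess
---
# After: the same two actions as an inline policy, with the resource limited
# to the stack's own partition, region and account via pseudo parameters.
Resources:
  ApiCallerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }   # assumed principal
            Action: sts:AssumeRole
      Policies:
        - PolicyName: InvokeApiGateway                      # hypothetical name
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - execute-api:Invoke
                  - execute-api:ManageConnections
                Resource: !Sub arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:*
```

If the API is defined in the same template, the trailing `*` can be narrowed further to that API's id so the grant covers one API rather than every API in the account and region.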

codecov-commenter commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 99.71%. Comparing base (cb48fca) to head (2c596e2).

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master     #405   +/-   ##
=======================================
  Coverage   99.71%   99.71%
=======================================
  Files          31       31
  Lines        1742     1742
=======================================
  Hits         1737     1737
  Misses          5        5
```
