awslabs / aws-service-catalog-products

This repository contains a number of CloudFormation templates which can be used independently or as Products with AWS Service Catalog, including the open source tools AWS Service Catalog Factory and AWS Service Catalog Puppet. The templates include a number of the foundational AWS Services you may choose to manage Account Compliance, including AWS Config, AWS CloudTrail and GuardDuty.
MIT No Attribution

account-waiter has incorrect syntax for iam role #55

Open pgiuliano opened 3 years ago

pgiuliano commented 3 years ago

governance-at-scale-account-factory/account-waiter/v3/product.template.yaml

AccountWaiterCustomResourceRole:
    Type: AWS::IAM::Role
    Properties:
      Path: !Ref GovernanceAtScaleAccountFactoryIAMRolePath
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: ServiceCatalogActions
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - sts:AssumeRole
                Resource: !Ref GovernanceAtScaleAccountFactoryAccountCreationSharedOrgRoleArn
              - Effect: Allow
                Action:
                  - codebuild: '*'
                Resource: '*'
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action:
              - "sts:AssumeRole"
          - Effect: "Allow"
            Principal:
              Service:
                - "lambda.amazonaws.com"
            Action:
              - "sts:AssumeRole"

codebuild: '*' should be - 'codebuild:*'
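
Added example, not part of the issue or the repository's code: a text-level check that finds IAM `Action` list entries which YAML reads as a mapping (a colon followed by a space) instead of a `service:action` string, the defect reported above. It assumes block-style `Action`/`NotAction` lists; the function names and the embedded sample, built from the policy quoted in the issue, are constructed for illustration.

```python
import re

# Constructed sample: the inline policy statements from the template quoted above.
SAMPLE = """\
Statement:
  - Effect: Allow
    Action:
      - sts:AssumeRole
    Resource: !Ref GovernanceAtScaleAccountFactoryAccountCreationSharedOrgRoleArn
  - Effect: Allow
    Action:
      - codebuild: '*'
    Resource: '*'
"""

ACTION_KEY = re.compile(r"^(\s*(?:-\s+)?)(?:Not)?Action:\s*$")
LIST_ITEM = re.compile(r"^(\s*)-\s+(.*?)\s*$")
# A well-formed IAM action: "*" or "<service>:<name>", wildcards allowed in the name.
IAM_ACTION = re.compile(r"^(?:\*|[A-Za-z0-9-]+:[A-Za-z0-9*?]+)$")


def classify(item):
    """Return None if the list item is a valid action string, else the reason."""
    quoted = len(item) >= 2 and item[0] in "'\"" and item[-1] == item[0]
    if not quoted and (": " in item or item.endswith(":")):
        # YAML rule: a colon followed by a space (or end of line) starts a mapping.
        return "parsed as a mapping, not a string"
    if not IAM_ACTION.match(item[1:-1] if quoted else item):
        return "not in service:action form"
    return None


def find_bad_actions(text):
    """Scan block-style Action/NotAction lists; return (line, item, reason) tuples."""
    findings, key_col = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        key = ACTION_KEY.match(line)
        if key:
            key_col = len(key.group(1))  # column where the Action key starts
            continue
        item = LIST_ITEM.match(line)
        if key_col is not None and item and len(item.group(1)) >= key_col:
            reason = classify(item.group(2))
            if reason:
                findings.append((lineno, item.group(2), reason))
        elif line.strip():
            key_col = None  # any other non-blank line ends the Action list
    return findings
```

Run over the sample, it flags only the `codebuild: '*'` entry; with the entry written as `'codebuild:*'` it reports nothing.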