This policy is intended to grant access to my CI/CD pipeline to make changes to the function, but not to execute the function. When evaluating this policy I get 10K plus lines of permissions, which are mostly inaccurate due to the resource restriction. Ideally the evaluation would identify the limited resource and only show permissions that can be included. I'd even consider it a huge improvement if it just limited the results by the service(s) of the resource arn(s).
I have a policy that includes a statement similar to this:
This policy is intended to grant access to my CI/CD pipeline to make changes to the function, but not to execute the function. When evaluating this policy I get 10K plus lines of permissions, which are mostly inaccurate due to the resource restriction. Ideally the evaluation would identify the limited resource and only show permissions that can be included. I'd even consider it a huge improvement if it just limited the results by the service(s) of the resource arn(s).