Commit

Fix to use single table, role. Move policies
kookster committed Oct 16, 2024
1 parent 3787e8f commit 417333d
Showing 2 changed files with 27 additions and 31 deletions.
17 changes: 5 additions & 12 deletions spire/templates/apps/dovetail-analytics.yml
Expand Up @@ -769,19 +769,13 @@ Resources:
- dynamodb:UpdateItem
Effect: Allow
# TODO: can this be done with an AWS::Partition Sub?
Resource: !Split
- ","
- Fn::Sub:
- arn:aws:dynamodb:*:*:table/${inner}
- inner:
Fn::Join:
- ",arn:aws:dynamodb:*:*:table/"
- !Split [",", !Ref FrequencyDynamodbTableName]
Resource:
- !Sub "arn:aws:dynamodb:*:*:table/${FrequencyDynamodbTableName}"
Version: "2012-10-17"
- Statement:
- Action: sts:AssumeRole
Effect: Allow
Resource: !Split [",", !Ref FrequencyDynamodbAccessRoleArn]
Resource: !Ref FrequencyDynamodbAccessRoleArn
Version: "2012-10-17"
Tags:
prx:meta:tagging-version: "2021-04-07"
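Review bot: The new Resource entry arn:aws:dynamodb:*:*:table/${FrequencyDynamodbTableName} still hardcodes the aws partition and wildcards both region and account, and the TODO about AWS::Partition directly above it is left in place. With the Split/Join construction gone, a plain Sub can use ${AWS::Partition}, and if the table's region and account are known they could be passed in instead of *:*, so the statement matches one table rather than any table with that name. The removed lines also split FrequencyDynamodbTableName and FrequencyDynamodbAccessRoleArn on commas; with plain Sub and Ref, a comma-separated value would now be taken as one literal name or ARN, so the parameter descriptions (not visible in this hunk) should say that a single value is expected.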
Expand Down Expand Up @@ -815,8 +809,7 @@ Resources:
Properties:
AlarmName: !Sub WARN [Dovetail-Analytics] Frequency Lambda function <${EnvironmentTypeAbbreviation}> INVOCATIONS ERRORS (${RootStackName})
AlarmDescription: !Sub >-
${EnvironmentType} Dovetail Analytics Frequency Lambda function is
failing, but tktktk.
${EnvironmentType} Dovetail Analytics Frequency Lambda function is failing.
ComparisonOperator: GreaterThanThreshold
Dimensions:
- Name: FunctionName
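Review bot: In the INVOCATIONS ERRORS alarm, the AlarmDescription now ends at "is failing." and the clause that the tktktk placeholder stood in for was dropped rather than written. Consider saying what the failure means for whoever receives the alarm, for example whether failed invocations are retried or data is lost, since the alarm name already conveys that the function is erroring.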
Expand Down Expand Up @@ -882,7 +875,7 @@ Resources:
AlarmName: !Sub WARN [Dovetail-Analytics] Frequency Lambda function <${EnvironmentTypeAbbreviation}> KINESIS ITERATOR FALLING BEHIND (${RootStackName})
AlarmDescription: !Sub >-
${EnvironmentType} Dovetail Analytics Frequency Lambda function's
Kinesis iterator age is higher than normal, tktktk.
Kinesis iterator age is higher than normal.
ComparisonOperator: GreaterThanThreshold
Dimensions:
- Name: FunctionName
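Review bot: The iterator-age AlarmDescription, "Kinesis iterator age is higher than normal.", only restates the alarm name now that the tktktk placeholder is removed. It would help to state the consequence: the function is reading records later than they were written, and records that age past the stream's retention period expire before they are processed.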
41 changes: 22 additions & 19 deletions spire/templates/apps/dovetail-router.yml
Expand Up @@ -741,26 +741,29 @@ Resources:
Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
- Action:
- dynamodb:BatchGetItem
- dynamodb:ConditionCheck
- dynamodb:DescribeTable
- dynamodb:DescribeTimeToLive
- dynamodb:GetItem
- dynamodb:Query
Effect: Allow
Resource: !Split
- ","
- Fn::Sub:
- arn:aws:dynamodb:*:*:table/${inner}
- inner:
Fn::Join:
- ",arn:aws:dynamodb:*:*:table/"
- !Split [",", !Ref FrequencyDynamodbTableName]
- Action: sts:AssumeRole
Effect: Allow
Resource: !Split [",", !Ref FrequencyDynamodbAccessRoleArn]
Version: "2012-10-17"
Policies:
- PolicyDocument:
Statement:
- Action:
- dynamodb:BatchGetItem
- dynamodb:ConditionCheck
- dynamodb:DescribeTable
- dynamodb:DescribeTimeToLive
- dynamodb:GetItem
- dynamodb:Query
Effect: Allow
Resource:
- !Sub "arn:aws:dynamodb:*:*:table/${FrequencyDynamodbTableName}"
Version: "2012-10-17"
PolicyName: FrequencyDdbActions
- PolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Resource: !Ref FrequencyDynamodbAccessRoleArn
Version: "2012-10-17"
PolicyName: FrequencyDdbAssumeRole
Tags:
- { Key: prx:meta:tagging-version, Value: "2021-04-07" }
- { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
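Review bot: It is not clear from the two new entries under Policies that this role needs both FrequencyDdbActions (direct DynamoDB reads on table/${FrequencyDynamodbTableName}) and FrequencyDdbAssumeRole (sts:AssumeRole on FrequencyDynamodbAccessRoleArn). If the router reads the table through the assumed role, the direct grant can be dropped; if it reads the table directly, the AssumeRole policy can. Moving these statements out of the statement list that holds the ecs-tasks.amazonaws.com Principal looks right, since Resource elements do not belong in a trust policy. The Resource ARN has the same hardcoded arn:aws partition and *:* wildcards as in dovetail-analytics.yml and could be tightened the same way.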