Merge pull request #6 from zLukas/fix_go_binary

Fix go binary
zLukas · Oct 11, 2023 · e45ee1c · e45ee1c
2 parents 347c22c + e1f7d15
commit e45ee1c
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/doc/aws-permissions.json b/doc/aws-permissions.json
@@ -7,19 +7,23 @@
             "Action": [
                 "iam:DeletePolicy",
                 "iam:AttachRolePolicy",
+                "iam:DetachRolePolicy",
                 "iam:PutRolePolicy",
                 "iam:CreatePolicy",
                 "iam:GetPolicy",
                 "iam:GetPolicyVersion",
                 "iam:ListPolicyVersions",
                 "iam:DeleteRolePolicy",
+                "iam:ListEntitiesForPolicy",
                 "iam:CreateRole",
                 "iam:GetRole",
                 "iam:DeleteRole",
                 "iam:ListRolePolicies",
                 "iam:ListAttachedRolePolicies",
                 "iam:ListInstanceProfilesForRole",
-                "iam:PassRole"
+                "iam:PassRole",
+                "iam:ListAttachedGroupPolicies",
+                "iam:UpdateRole"
             ],
             "Resource": [
                 "arn:aws:iam::<accountNumber>:role/*",

diff --git a/src/cert-generator/cmd/lambda.go b/src/cert-generator/cmd/lambda.go
@@ -31,7 +31,7 @@ func handleRequest(ctx context.Context, event RequestEvent) (string, error) {
 	dbRegion := os.Getenv("DB_REGION")
 	db := aws.Database{}
 	if err != nil {
-		fmt.Printf("Error: %s", err)
+		return "fail", fmt.Errorf("Error: %s", err)
 	}
 	currentTime := time.Now()
 
@@ -51,7 +51,7 @@ func handleRequest(ctx context.Context, event RequestEvent) (string, error) {
 		aws.WithTableName(dbTable),
 	)
 	if err != nil {
-		fmt.Printf("database upload error: %s", err.Error())
+		return "fail", fmt.Errorf("database upload error: %s", err.Error())
 	}
 
 	return "sucess", nil

diff --git a/terraform/modules/lambda/iam.tf b/terraform/modules/lambda/iam.tf
@@ -30,4 +30,10 @@ resource "aws_iam_policy" "lambda_permissions" {
   path        = "/"
   description = "IAM policy for Lambda"
   policy      = data.aws_iam_policy_document.lambda_policy_doc.json
-}
+}
+
+resource "aws_iam_policy_attachment" "lambda_attachment" {
+  name       = "lambdaAttachment"
+  roles      = [aws_iam_role.iam_for_lambda.name] 
+  policy_arn = aws_iam_policy.lambda_permissions.arn
+}