From 914cca0f0315c5dbb9c9a977721c76bfb93ecd26 Mon Sep 17 00:00:00 2001
From: zLukas
Date: Wed, 11 Oct 2023 23:54:13 +0200
Subject: [PATCH 1/4] source code error returning added
---
 src/cert-generator/cmd/lambda.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cert-generator/cmd/lambda.go b/src/cert-generator/cmd/lambda.go
index 26f2d46..2583604 100644
--- a/src/cert-generator/cmd/lambda.go
+++ b/src/cert-generator/cmd/lambda.go
@@ -31,7 +31,7 @@ func handleRequest(ctx context.Context, event RequestEvent) (string, error) {
 dbRegion := os.Getenv("DB_REGION")
 db := aws.Database{}
 if err != nil {
- fmt.Printf("Error: %s", err)
+ return "fail", fmt.Errorf("Error: %s", err)
 }
 currentTime := time.Now()
@@ -51,7 +51,7 @@ func handleRequest(ctx context.Context, event RequestEvent) (string, error) {
 aws.WithTableName(dbTable),
 )
 if err != nil {
- fmt.Printf("database upload error: %s", err.Error())
+ return "fail", fmt.Errorf("database upload error: %s", err.Error())
 }
 return "sucess", nil
From 9477a02def3a69bfa1fc01583114b0da2d0b6689 Mon Sep 17 00:00:00 2001
From: zLukas
Date: Wed, 11 Oct 2023 23:55:08 +0200
Subject: [PATCH 2/4] lambda policy attachment added to terraform
---
 terraform/modules/lambda/iam.tf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/terraform/modules/lambda/iam.tf b/terraform/modules/lambda/iam.tf
index ca1e5cd..2b3533b 100644
--- a/terraform/modules/lambda/iam.tf
+++ b/terraform/modules/lambda/iam.tf
@@ -30,4 +30,10 @@ resource "aws_iam_policy" "lambda_permissions" {
 path = "/"
 description = "IAM policy for Lambda"
 policy = data.aws_iam_policy_document.lambda_policy_doc.json
+}
+
+resource "aws_iam_policy_attachment" "lambda_attachment" {
+ name = "lambdaAttachment"
+ roles =[aws_iam_role.iam_for_lambda.name]
+ policy_arn = aws_iam_policy.lambda_permissions.arn
 }
\ No newline at end of file
From 6891f0d8c1e23fdc675de11440b87f5ada346b25 Mon Sep 17 00:00:00 2001
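Review bot: In src/cert-generator/cmd/lambda.go both new returns format the cause with `%s` (the second via `err.Error()`, in the hunk at line 51), which discards the error chain, so a caller can no longer match the underlying error with `errors.Is` or `errors.As`. Wrap with `%w` and name the failing step instead of the generic "Error:" prefix, for example `return "fail", fmt.Errorf("database upload: %w", err)`. The call that sets `err` before the first check is outside the hunk, so its message has to be chosen from that call. Since the error now leaves the handler instead of going to stdout, it is worth confirming that the wrapped text carries nothing from the generated certificate or key (presumably what this function produces) that should not reach the invoker.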
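Review bot: `aws_iam_policy_attachment` in terraform/modules/lambda/iam.tf manages the policy's attachments exclusively: per the provider documentation, any user, group or role that has `lambda_permissions` attached outside this resource is detached on apply. For one policy on one role the non-exclusive resource is the safer fit: `resource "aws_iam_role_policy_attachment" "lambda_attachment" {` with `role = aws_iam_role.iam_for_lambda.name` and the same `policy_arn`, dropping `name`. It should also need fewer IAM read permissions for the deploying identity, since it does not enumerate every entity the policy is attached to.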
From: zLukas
Date: Wed, 11 Oct 2023 23:56:45 +0200
Subject: [PATCH 3/4] permission list updated
---
 doc/aws-permissions.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/doc/aws-permissions.json b/doc/aws-permissions.json
index 8fcf8ce..e7d2ba3 100644
--- a/doc/aws-permissions.json
+++ b/doc/aws-permissions.json
@@ -7,19 +7,23 @@
 "Action": [
 "iam:DeletePolicy",
 "iam:AttachRolePolicy",
+ "iam:DetachRolePolicy",
 "iam:PutRolePolicy",
 "iam:CreatePolicy",
 "iam:GetPolicy",
 "iam:GetPolicyVersion",
 "iam:ListPolicyVersions",
 "iam:DeleteRolePolicy",
+ "iam:ListEntitiesForPolicy",
 "iam:CreateRole",
 "iam:GetRole",
 "iam:DeleteRole",
 "iam:ListRolePolicies",
 "iam:ListAttachedRolePolicies",
 "iam:ListInstanceProfilesForRole",
- "iam:PassRole"
+ "iam:PassRole",
+ "iam:ListAttachedGroupPolicies",
+ "iam:UpdateRole"
 ],
 "Resource": [
 "arn:aws:iam:::role/*",
From e1f7d1560e51a530728dbe42473eca93a2bf3e1d Mon Sep 17 00:00:00 2001
From: zLukas
Date: Thu, 12 Oct 2023 00:00:11 +0200
Subject: [PATCH 4/4] syntax fix
---
 terraform/modules/lambda/iam.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/modules/lambda/iam.tf b/terraform/modules/lambda/iam.tf
index 2b3533b..299fc9a 100644
--- a/terraform/modules/lambda/iam.tf
+++ b/terraform/modules/lambda/iam.tf
@@ -34,6 +34,6 @@ resource "aws_iam_policy" "lambda_permissions" {
 resource "aws_iam_policy_attachment" "lambda_attachment" {
 name = "lambdaAttachment"
- roles =[aws_iam_role.iam_for_lambda.name]
+ roles = [aws_iam_role.iam_for_lambda.name]
 policy_arn = aws_iam_policy.lambda_permissions.arn
-}
\ No newline at end of file
+}
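Review bot: The added `iam:UpdateRole` and `iam:DetachRolePolicy` in doc/aws-permissions.json fall under the statement's `arn:aws:iam:::role/*` resource, so together with the existing `iam:AttachRolePolicy`, `iam:PutRolePolicy` and `iam:PassRole` the deploying identity can rewrite any role in the account, which is a privilege-escalation path if its credentials leak. Scope the role resource to the project's own roles, e.g. `"arn:aws:iam::<ACCOUNT_ID>:role/<project-prefix>*"` (placeholders), or put a permissions boundary on the identity. `iam:ListAttachedGroupPolicies` acts on groups, so it only takes effect if a group ARN appears in the rest of the `Resource` list, which continues past the hunk.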