diff --git a/cloudformation/development-secret-policy.yml b/cloudformation/development-secret-policy.yml
index 8ad9897d..9dd40855 100644
--- a/cloudformation/development-secret-policy.yml
+++ b/cloudformation/development-secret-policy.yml
@@ -3,12 +3,12 @@ Description: Create a managed policy to bind to roles that allows secret access
 Resources:
 SecretAccess:
 Type: AWS::IAM::ManagedPolicy
- Properties:
+ Properties:
 Description: Allows retrieval of secrets in the cis_development namespace.
 Path: '/'
- PolicyDocument:
+ PolicyDocument:
 Version: "2012-10-17"
- Statement:
+ Statement:
 - Effect: Allow
 Action:
 - "ssm:GetParameterHistory"
@@ -22,4 +22,4 @@ Resources:
 - "kms:Decrypt"
 Resource:
 - arn:aws:kms:us-west-2:320464205386:key/ef00015d-739b-456d-a92f-482712af4f32
- ManagedPolicyName: 'cis-development-secret-retrieval'
\ No newline at end of file
+ ManagedPolicyName: 'cis-development-secret-retrieval'
diff --git a/python-modules/cis_identity_vault/Makefile b/python-modules/cis_identity_vault/Makefile
index b3581064..60f969f0 100644
--- a/python-modules/cis_identity_vault/Makefile
+++ b/python-modules/cis_identity_vault/Makefile
@@ -22,7 +22,7 @@ venv:
 echo "source venv/bin/activate"
 .install-test:
- pip install .[test]
+ pip install .[test]
 npm install kinesalite
 touch $@
diff --git a/serverless-functions/postgres_access_layer/serverless.yml b/serverless-functions/postgres_access_layer/serverless.yml
index 79efbcb9..509fff31 100644
--- a/serverless-functions/postgres_access_layer/serverless.yml
+++ b/serverless-functions/postgres_access_layer/serverless.yml
@@ -126,7 +126,7 @@ functions:
 - sg-015971fe39add456e
 handler: handler.handle
 events:
- - stream:
+ - stream:
 arn: ${self:custom.postgresqlAccessLayerEnvironment.CIS_DYNAMODB_STREAM_ARN.${self:custom.postgresqlAccessLayerStage}}
 batchSize: 1000
 startingPosition: LATEST
diff --git a/serverless-functions/postgresql_replicator/serverless.yml b/serverless-functions/postgresql_replicator/serverless.yml
index 2eabdd89..5bbae939 100644
--- a/serverless-functions/postgresql_replicator/serverless.yml
+++ b/serverless-functions/postgresql_replicator/serverless.yml
@@ -126,7 +126,7 @@ functions:
 - sg-015971fe39add456e
 handler: handler.handle
 events:
- - stream:
+ - stream:
 arn: ${self:custom.postgresqlReplicatorEnvironment.CIS_DYNAMODB_STREAM_ARN.${self:custom.postgresqlReplicatorStage}}
 batchSize: 1000
 startingPosition: LATEST
diff --git a/serverless-functions/webhook_notifier/serverless.yml b/serverless-functions/webhook_notifier/serverless.yml
index e96ce493..ac8e5050 100644
--- a/serverless-functions/webhook_notifier/serverless.yml
+++ b/serverless-functions/webhook_notifier/serverless.yml
@@ -51,7 +51,7 @@ provider:
 CIS_API_IDENTIFIER: ${self:custom.webhookEnvironment.IDENTIFIER.${self:custom.webhookStage}}
 CIS_AUTHZERO_TENANT: ${self:custom.webhookEnvironment.WEBHOOK_NOTIFICATION_AUTH0_DOMAIN.${self:custom.webhookStage}}
 CIS_RP_URLS: ${self:custom.webhookEnvironment.CIS_RP_URLS.${self:custom.webhookStage}}
- WEBHOOK_NOTIFICATIONS_AUTH0_DOMAIN: ${self:custom.webhookEnvironment.WEBHOOK_NOTIFICATION_AUTH0_DOMAIN.${self:custom.webhookStage}}
+ WEBHOOK_NOTIFICATIONS_AUTH0_DOMAIN: ${self:custom.webhookEnvironment.WEBHOOK_NOTIFICATION_AUTH0_DOMAIN.${self:custom.webhookStage}}
 CIS_SECRET_MANAGER_SSM_PATH: ${self:custom.webhookEnvironment.CIS_SECRET_MANAGER_SSM_PATH.${self:custom.webhookStage}}
 iamRoleStatements:
 - Effect: "Allow" # xray permissions (required)
@@ -99,7 +99,7 @@ functions:
 memorySize: 512
 timeout: 120
 events:
- - stream:
+ - stream:
 arn: ${self:custom.webhookEnvironment.CIS_DYNAMODB_STREAM_ARN.${self:custom.webhookStage}}
 batchSize: 100
 startingPosition: LATEST