Merge pull request #437 from kddejong/fix/sub/arns
Resolve some sub arn issues
ericzbeard authored Jun 17, 2024
2 parents da038b3 + df7eb99 commit 86d9d1a
Showing 2 changed files with 30 additions and 30 deletions.
40 changes: 20 additions & 20 deletions Solutions/ADConnector/templates/ADCONNECTOR.cfn.yaml
Expand Up @@ -499,14 +499,14 @@ Resources:
- Effect: Allow
Action: s3:GetObject
Resource:
- !Sub arn${AWS::Partition}s3:::aws-ssm-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-windows-downloads-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::amazon-ssm-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::amazon-ssm-packages-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::${AWS::Region}-birdwatcher-prod/*
- !Sub arn${AWS::Partition}s3:::patch-baseline-snapshot-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-ssm-distributor-file-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-ssm-document-attachments-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-windows-downloads-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::amazon-ssm-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::amazon-ssm-packages-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::${AWS::Region}-birdwatcher-prod/*
- !Sub arn:${AWS::Partition}:s3:::patch-baseline-snapshot-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-distributor-file-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-document-attachments-${AWS::Region}/*
- !If
- SSMLogsBucketNameCondition
- PolicyName: SsmLogs
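
Review bot: The eight-entry s3:GetObject Resource list fixed here is repeated verbatim in the hunk at -628 of this file and again at -244 of MANAGEDAD.cfn.yaml, so the same missing-colon typo had to be corrected in three policies. Within this template the two copies could share one AWS::IAM::ManagedPolicy attached to both roles, so a future correction is made in one place.
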
Expand All @@ -520,8 +520,8 @@ Resources:
- s3:PutObjectAcl
- s3:GetEncryptionConfiguration
Resource:
- !Sub arn${AWS::Partition}s3:::${SSMLogsBucketName}
- !Sub arn${AWS::Partition}s3:::${SSMLogsBucketName}/*
- !Sub arn:${AWS::Partition}:s3:::${SSMLogsBucketName}
- !Sub arn:${AWS::Partition}:s3:::${SSMLogsBucketName}/*
- !Ref AWS::NoValue
- PolicyName: ADConnectorLinuxEC2SeamlessDomainJoinSecret
PolicyDocument:
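
Review bot: In the two SsmLogs Resource lines, ${SSMLogsBucketName} is substituted straight into the ARN, so with the ARN now well formed the grant is exactly as wide as that value allows. If SSMLogsBucketName is a free-form template parameter, give it an AllowedPattern limited to valid bucket-name characters so that a value containing * or / cannot widen the policy beyond the one bucket.
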
Expand Down Expand Up @@ -628,14 +628,14 @@ Resources:
- Effect: Allow
Action: s3:GetObject
Resource:
- !Sub arn${AWS::Partition}s3:::aws-ssm-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-windows-downloads-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::amazon-ssm-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::amazon-ssm-packages-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::${AWS::Region}-birdwatcher-prod/*
- !Sub arn${AWS::Partition}s3:::patch-baseline-snapshot-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-ssm-distributor-file-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-ssm-document-attachments-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-windows-downloads-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::amazon-ssm-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::amazon-ssm-packages-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::${AWS::Region}-birdwatcher-prod/*
- !Sub arn:${AWS::Partition}:s3:::patch-baseline-snapshot-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-distributor-file-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-document-attachments-${AWS::Region}/*
- !If
- SSMLogsBucketNameCondition
- PolicyName: SsmLogs
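
Review bot: Nothing in this commit guards against the same mistake returning: the removed lines here rendered as strings of the form "arn" + partition + "s3:::aws-ssm-" + region + "/*" with no separators, which is not an ARN, and only the two templates are changed. A CI check that every !Sub value starting with "arn" matches "arn:${AWS::Partition}:" followed by a service name would catch the next occurrence before merge.
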
Expand All @@ -649,8 +649,8 @@ Resources:
- s3:PutObjectAcl
- s3:GetEncryptionConfiguration
Resource:
- !Sub arn${AWS::Partition}s3:::${SSMLogsBucketName}
- !Sub arn${AWS::Partition}s3:::${SSMLogsBucketName}/*
- !Sub arn:${AWS::Partition}:s3:::${SSMLogsBucketName}
- !Sub arn:${AWS::Partition}:s3:::${SSMLogsBucketName}/*
- !Ref AWS::NoValue
Condition: WindowsEC2DomainJoinResourcesCondition
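
Review bot: The SsmLogs statement here applies every listed action to both the bucket ARN and the /* object ARN, although s3:GetEncryptionConfiguration is a bucket-level action and s3:PutObjectAcl is an object-level one. Splitting it into one statement for bucket-level actions on ${SSMLogsBucketName} and one for object-level actions on ${SSMLogsBucketName}/* would make the intended scope of each permission explicit.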

20 changes: 10 additions & 10 deletions Solutions/ManagedAD/templates/MANAGEDAD.cfn.yaml
Expand Up @@ -244,14 +244,14 @@ Resources:
- Effect: Allow
Action: s3:GetObject
Resource:
- !Sub arn${AWS::Partition}s3:::aws-ssm-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-windows-downloads-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::amazon-ssm-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::amazon-ssm-packages-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::${AWS::Region}-birdwatcher-prod/*
- !Sub arn${AWS::Partition}s3:::patch-baseline-snapshot-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-ssm-distributor-file-${AWS::Region}/*
- !Sub arn${AWS::Partition}s3:::aws-ssm-document-attachments-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-windows-downloads-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::amazon-ssm-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::amazon-ssm-packages-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::${AWS::Region}-birdwatcher-prod/*
- !Sub arn:${AWS::Partition}:s3:::patch-baseline-snapshot-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-distributor-file-${AWS::Region}/*
- !Sub arn:${AWS::Partition}:s3:::aws-ssm-document-attachments-${AWS::Region}/*
- !If
- SSMLogsBucketNameCondition
- PolicyName: SsmLogs
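
Review bot: The Resource list under s3:GetObject carries no comment saying where these eight bucket-name patterns come from, and ${AWS::Region}-birdwatcher-prod breaks the name-then-region shape of the other seven. A one-line YAML comment above the list naming its source would let the next reviewer confirm each entry, that one included, without guessing.
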
Expand All @@ -265,8 +265,8 @@ Resources:
- s3:PutObjectAcl
- s3:GetEncryptionConfiguration
Resource:
- !Sub arn${AWS::Partition}s3:::${SSMLogsBucketName}
- !Sub arn${AWS::Partition}s3:::${SSMLogsBucketName}/*
- !Sub arn:${AWS::Partition}:s3:::${SSMLogsBucketName}
- !Sub arn:${AWS::Partition}:s3:::${SSMLogsBucketName}/*
- !Ref AWS::NoValue
- PolicyName: AWSManagedADLinuxEC2SeamlessDomainJoinSecret
PolicyDocument:
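
Review bot: s3:PutObjectAcl in the SsmLogs statement lets the instance role set ACLs on any object under ${SSMLogsBucketName}/*. If the log bucket has ACLs disabled (bucket owner enforced object ownership), the permission is unused and can be dropped; otherwise a short comment on why it is needed would help.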

0 comments on commit 86d9d1a
