Merge pull request #67 from aws-solutions/feature/v4.2.0

Scoped down IAM permissions for review, and changed AnonymousData to AnonymizedData to match implementation guide.
aws-solutions · Apr 5, 2023 · a06693d · a06693d
2 parents b01e90a + 50552a6
commit a06693d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Upgraded Lambda runtimes to node 18 from node 12. 
 - Added region name to CachePolicy to allow unique name for multiple stacks with the same stack name in different regions. 
 - Removed application insights
+- MediaPackage IAM role more secure with scoped down privlages. 
 
 ### Contributors
 * @eggoynes

diff --git a/source/constructs/lib/live-streaming.ts b/source/constructs/lib/live-streaming.ts
@@ -168,9 +168,9 @@ export class LiveStreaming extends cdk.Stack {
     /**
      * Mapping for sending anonymous metrics to AWS Solution Builders API
      */
-    new cdk.CfnMapping(this, 'AnonymousData', { // NOSONAR
+    new cdk.CfnMapping(this, 'AnonymizedData', { // NOSONAR
       mapping: {
-        SendAnonymousData: {
+        SendAnonymizedData: {
           Data: 'Yes'
         }
       }
@@ -336,7 +336,7 @@ export class LiveStreaming extends cdk.Stack {
     const customResourceLambda = new lambda.Function(this, 'CustomResource', {
       runtime: lambda.Runtime.NODEJS_18_X,
       handler: 'index.handler',
-      description: 'Used to deploy custom resources and send AnonymousData',
+      description: 'Used to deploy custom resources and send AnonymizedData',
       environment: {
         SOLUTION_IDENTIFIER: 'AwsSolution/SO0013/%%VERSION%%'
       },
@@ -418,7 +418,7 @@ export class LiveStreaming extends cdk.Stack {
           ]
         }),
         new iam.PolicyStatement({
-          resources: ['*'],
+          resources: ['arn:aws:iam:*'],
           actions: [
             'iam:GetRole',
             'iam:PassRole'
@@ -931,7 +931,7 @@ export class LiveStreaming extends cdk.Stack {
         EncodingProfile: encodingProfile.valueAsString,
         Cidr: inputCIDR.valueAsString,
         ChannelStart: channelStart.valueAsString,
-        SendAnonymousMetric: cdk.Fn.findInMap('AnonymousData', 'SendAnonymousData', 'Data')
+        SendAnonymousMetric: cdk.Fn.findInMap('AnonymizedData', 'SendAnonymizedData', 'Data')
       }
     });
 
@@ -940,7 +940,7 @@ export class LiveStreaming extends cdk.Stack {
     /**
      * Outputs
      */
-    if (cdk.Fn.findInMap('AnonymousData', 'SendAnonymousData', 'Data')) {
+    if (cdk.Fn.findInMap('AnonymizedData', 'SendAnonymizedData', 'Data')) {
       new cdk.CfnOutput(this, 'AnonymousMetricUUID', { // NOSONAR
         description: 'AnonymousMetric UUID',
         value: uuid.getAttString('UUID'),