Allow CodePipeline, SNS, and Organizations to Untag too
**Why?**

When changing an organization-wide tag, it would fail to update the stack
due to this missing permission.
sbkok committed Jun 8, 2023
1 parent 5402a97 commit 58f6ab9
Showing 2 changed files with 3 additions and 0 deletions.
Expand Up @@ -796,6 +796,7 @@ Resources:
- "codepipeline:RegisterWebhookWithThirdParty"
- "codepipeline:StartPipelineExecution"
- "codepipeline:TagResource"
- "codepipeline:UntagResource"
- "codepipeline:UpdatePipeline"
Resource:
- !Sub arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:webhook:adf-webhook-*
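Review bot: the added `codepipeline:UntagResource` entry carries no comment explaining why it is needed, and the only Resource visible in this hunk is the `adf-webhook-*` webhook ARN. The commit message has the reason (changing an organization-wide tag failed the stack update); a one-line YAML comment beside the Tag/Untag pair would keep that context in the template. It is also worth confirming that the rest of this statement's Resource list, which is not shown here, covers every CodePipeline resource the stack tags, otherwise the untag call will still be denied for those.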
Expand All @@ -817,6 +818,7 @@ Resources:
- "sns:SetTopicAttributes"
- "sns:GetTopicAttributes"
- "sns:TagResource"
- "sns:UntagResource"
- "sns:ListSubscriptionsByTopic"
Resource:
- !Sub arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${PipelinePrefix}*
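Review bot: `sns:UntagResource` here applies to every topic matching `${PipelinePrefix}*` with no Condition visible, so the role can remove any tag key from any topic under that prefix. If tags on these topics feed access-control conditions or cost allocation, consider limiting which keys may be removed with a Condition on `aws:TagKeys`; if unrestricted removal is intended, a short comment saying so would help later reviews of this policy.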
1 change: 1 addition & 0 deletions src/template.yml
Expand Up @@ -402,6 +402,7 @@ Resources:
- Effect: Allow
Action:
- "organizations:TagResource"
- "organizations:UntagResource"
Resource: "*"

AccountTagConfigFunction:
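Review bot: `organizations:UntagResource` is granted on `Resource: "*"` with no Condition visible in this hunk, so tag removal extends to every Organizations resource the statement reaches, which is wider than the stack-update failure described in the commit message. Where policies in the organization key off tags, removing one can change effective access, so suggest either narrowing the Resource to the resource types this role actually tags or adding an `aws:TagKeys` condition listing the keys it manages. If the wildcard has to stay, a comment explaining why would make that explicit.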