Skip to content

Commit bc90b19

Browse files
cyphronixcyphronix
committed
update permissions for other accts
1 parent f8525ea commit bc90b19

File tree

1 file changed

+8
-7
lines changed

1 file changed

+8
-7
lines changed

aws_sra_examples/solutions/genai/bedrock_org/templates/sra-bedrock-org-main.yaml

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -500,8 +500,8 @@ Resources:
500500
- 'logs:Link'
501501
- 'logs:DescribeLogGroups'
502502
Resource:
503-
- !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:metric-filter:*'
504-
- !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*'
503+
- !Sub 'arn:${AWS::Partition}:logs:*:${AWS::AccountId}:metric-filter:*'
504+
- !Sub 'arn:${AWS::Partition}:logs:*:${AWS::AccountId}:log-group:*'
505505
PolicyName: !Sub '${pSRASolutionName}-logs-policy'
506506
- PolicyDocument:
507507
Version: '2012-10-17'
@@ -525,9 +525,10 @@ Resources:
525525
- 'oam:DeleteLink'
526526
- 'oam:TagResource'
527527
Resource:
528-
- !Sub 'arn:${AWS::Partition}:oam:${AWS::Region}:${AWS::AccountId}:link/*'
529-
- !Sub 'arn:${AWS::Partition}:oam:${AWS::Region}:${AWS::AccountId}:/ListLinks*'
530-
- !Sub 'arn:${AWS::Partition}:oam:${AWS::Region}:*:sink/*' # sink on security account
528+
- !Sub 'arn:${AWS::Partition}:oam:*:${AWS::AccountId}:link/*'
529+
- !Sub 'arn:${AWS::Partition}:oam:*:${AWS::AccountId}:/ListLinks*'
530+
- !Sub 'arn:${AWS::Partition}:oam:*:${AWS::AccountId}:/ListLinks'
531+
- !Sub 'arn:${AWS::Partition}:oam:*:*:sink/*' # sink on security account
531532
PolicyName: !Sub '${pSRASolutionName}-oam-policy'
532533
- PolicyDocument:
533534
Version: '2012-10-17'
@@ -597,7 +598,7 @@ Resources:
597598
Action:
598599
- 'applicationinsights:Link'
599600
Resource:
600-
- !Sub 'arn:${AWS::Partition}:applicationinsights:${AWS::Region}:${AWS::AccountId}:application/*'
601+
- !Sub 'arn:${AWS::Partition}:applicationinsights:*:${AWS::AccountId}:application/*'
601602
PolicyName: !Sub '${pSRASolutionName}-appinsights-policy'
602603
- PolicyDocument:
603604
Version: '2012-10-17'
@@ -606,7 +607,7 @@ Resources:
606607
Action:
607608
- 'internetmonitor:Link'
608609
Resource:
609-
- !Sub 'arn:${AWS::Partition}:internetmonitor:${AWS::Region}:${AWS::AccountId}:monitor/*'
610+
- !Sub 'arn:${AWS::Partition}:internetmonitor:*:${AWS::AccountId}:monitor/*'
610611
PolicyName: !Sub '${pSRASolutionName}-internetmonitor-policy'
611612

612613
Tags:

0 commit comments

Comments
 (0)