move policy

mattclay · Nov 15, 2022 · 251ccf6 · 251ccf6
1 parent c9a638e
commit 251ccf6
Showing 1 changed file with 23 additions and 24 deletions.
diff --git a/aws/policy/application-services.yaml b/aws/policy/application-services.yaml
@@ -17,6 +17,29 @@ Statement:
       - cloudformation:ListResources
       - cloudformation:UpdateResource
       ###
+      - cloudfront:CreateDistribution
+      - cloudfront:CreateDistributionWithTags
+      - cloudfront:DeleteDistribution
+      - cloudfront:UpdateDistribution
+      - cloudfront:GetDistribution
+      - cloudfront:GetDistributionConfig
+      - cloudfront:GetStreamingDistribution
+      - cloudfront:GetStreamingDistributionConfig
+      - cloudfront:ListCloudFrontOriginAccessIdentities
+      - cloudfront:ListDistributions
+      - cloudfront:ListDistributionsByWebACLId
+      - cloudfront:ListStreamingDistributions
+      - cloudfront:CreateCloudFrontOriginAccessIdentity
+      - cloudfront:DeleteCloudFrontOriginAccessIdentity
+      - cloudfront:GetCloudFrontOriginAccessIdentity
+      - cloudfront:GetCloudFrontOriginAccessIdentityConfig
+      - cloudfront:UpdateCloudFrontOriginAccessIdentity
+      - cloudfront:GetInvalidation
+      - cloudfront:CreateInvalidation
+      - cloudfront:TagResource
+      - cloudfront:UntagResource
+      - cloudfront:ListTagsForResource
+      - cloudfront:DeleteStreamingDistribution
       - codebuild:BatchGetProjects
       - codebuild:ListProjects
       - codecommit:ListRepositories
@@ -113,29 +136,6 @@ Statement:
       - cloudformation:SetStackPolicy
       - cloudformation:UpdateStack
       - cloudformation:UpdateTerminationProtection
-      - cloudfront:CreateDistribution
-      - cloudfront:CreateDistributionWithTags
-      - cloudfront:DeleteDistribution
-      - cloudfront:UpdateDistribution
-      - cloudfront:GetDistribution
-      - cloudfront:GetDistributionConfig
-      - cloudfront:GetStreamingDistribution
-      - cloudfront:GetStreamingDistributionConfig
-      - cloudfront:ListCloudFrontOriginAccessIdentities
-      - cloudfront:ListDistributions
-      - cloudfront:ListDistributionsByWebACLId
-      - cloudfront:ListStreamingDistributions
-      - cloudfront:CreateCloudFrontOriginAccessIdentity
-      - cloudfront:DeleteCloudFrontOriginAccessIdentity
-      - cloudfront:GetCloudFrontOriginAccessIdentity
-      - cloudfront:GetCloudFrontOriginAccessIdentityConfig
-      - cloudfront:UpdateCloudFrontOriginAccessIdentity
-      - cloudfront:GetInvalidation
-      - cloudfront:CreateInvalidation
-      - cloudfront:TagResource
-      - cloudfront:UntagResource
-      - cloudfront:ListTagsForResource
-      - cloudfront:DeleteStreamingDistribution
       - cloudwatch:DeleteAlarms
       - cloudwatch:DescribeAlarms
       - cloudwatch:PutMetricAlarm
@@ -190,7 +190,6 @@ Statement:
     Resource:
       - 'arn:aws:ssm:{{ aws_region }}:{{ aws_account_id }}:document/*'
       - 'arn:aws:cloudformation:{{ aws_region }}:{{ aws_account_id }}:stack/*'
-      - 'arn:aws:cloudfront::{{ aws_account_id }}:distribution/*'
       - 'arn:aws:cloudwatch:{{ aws_region }}:{{ aws_account_id }}:alarm:*'
       - 'arn:aws:codebuild:{{ aws_region }}:{{ aws_account_id }}:*'
       - 'arn:aws:codecommit:{{ aws_region }}:{{ aws_account_id }}:*'