From d5ffd23933c5dfbe1657110b970423a86664d5eb Mon Sep 17 00:00:00 2001
From: "Marko (ServerlessLife)"
Date: Mon, 10 Mar 2025 19:40:45 +0100
Subject: [PATCH 1/2] fix: #114 More secure IoT policy
---
 src/infraDeploy.ts | 10 ++++++++--
 test/utils/expectInfraDeployed.ts | 10 ++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/infraDeploy.ts b/src/infraDeploy.ts
index 45fad0f4..76ff07b6 100755
--- a/src/infraDeploy.ts
+++ b/src/infraDeploy.ts
@@ -37,9 +37,15 @@ const policyDocument = {
 Version: '2012-10-17',
 Statement: [
 {
- Action: 'iot:*',
- Resource: '*',
 Effect: 'Allow',
+ Action: [
+ 'iot:DescribeEndpoint',
+ 'iot:Connect',
+ 'iot:Publish',
+ 'iot:Subscribe',
+ 'iot:Receive',
+ ],
+ Resource: '*',
 },
 ],
 };
diff --git a/test/utils/expectInfraDeployed.ts b/test/utils/expectInfraDeployed.ts
index bd2c3be5..24a079b9 100644
--- a/test/utils/expectInfraDeployed.ts
+++ b/test/utils/expectInfraDeployed.ts
@@ -30,14 +30,20 @@ export async function expectInfraDeployed(lambdaName: any) {
 ':layer:LambdaLiveDebugger:',
 );
 expect(policyDocument).toEqual({
+ Version: '2012-10-17',
 Statement: [
 {
- Action: 'iot:*',
 Effect: 'Allow',
+ Action: [
+ 'iot:DescribeEndpoint',
+ 'iot:Connect',
+ 'iot:Publish',
+ 'iot:Subscribe',
+ 'iot:Receive',
+ ],
 Resource: '*',
 },
 ],
- Version: '2012-10-17',
 });
 }
 }
From 7de7a5816a3bd216531c34a7733a7e302026c34a Mon Sep 17 00:00:00 2001
From: "Marko (ServerlessLife)"
Date: Mon, 10 Mar 2025 19:50:01 +0100
Subject: [PATCH 2/2] chore: add contributor
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index a920196e..28e8b60b 100644
--- a/README.md
+++ b/README.md
@@ -331,6 +331,7 @@ If you have a new feature idea, please create and issue.
 (alphabetical)
+- [Ben Moses](https://github.com/benjymoses)
 - [Kristian Dreher](https://www.linkedin.com/in/kristiandreher)
 - [Roger Chi](https://rogerchi.com/)
 - [Sebastian / avocadomaster](https://github.com/avocadomaster)
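Review bot: The narrowed `Action` list is still paired with `Resource: '*'`, so any principal holding this policy may connect under any client id and publish to or subscribe on every topic in the account; of the five actions only `iot:DescribeEndpoint` requires a `*` resource, while `iot:Connect`, `iot:Publish`, `iot:Receive` and `iot:Subscribe` accept client, topic and topicfilter ARNs. Splitting the statement so that DescribeEndpoint keeps `*` and the data-plane actions are scoped to the debugger's own topic and client-id prefix would complete the least-privilege change #114 asks for; the concrete prefixes depend on what the debugger publishes, which is not visible in this hunk, so the values below are placeholders. The `policyDocument` object begins just above the hunk, and the expectation in test/utils/expectInfraDeployed.ts mirrors this literal and would change in step.
```typescript
  Statement: [
    {
      Effect: 'Allow',
      Action: ['iot:DescribeEndpoint'],
      Resource: '*', // DescribeEndpoint is not resource-scoped
    },
    {
      Effect: 'Allow',
      Action: ['iot:Connect'],
      Resource: 'arn:aws:iot:<REGION>:<ACCOUNT_ID>:client/<CLIENT_ID_PREFIX>*', // placeholders
    },
    {
      Effect: 'Allow',
      Action: ['iot:Publish', 'iot:Receive'],
      Resource: 'arn:aws:iot:<REGION>:<ACCOUNT_ID>:topic/<TOPIC_PREFIX>/*', // placeholders
    },
    {
      Effect: 'Allow',
      Action: ['iot:Subscribe'],
      Resource: 'arn:aws:iot:<REGION>:<ACCOUNT_ID>:topicfilter/<TOPIC_PREFIX>/*', // placeholders
    },
  ],
```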
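Review bot: The `toEqual` pins the exact `Action` array but states nothing about the property #114 is about — that no IoT action is a wildcard — so a later change back to `'iot:*'` only has to update this literal to pass. A short intent-level check next to the `toEqual`, `expect(policyDocument.Statement.flatMap((s: { Action: string | string[] }) => s.Action).some((a: string) => a.includes('*'))).toBe(false);`, would document the requirement independently of the concrete list. `expectInfraDeployed` starts above the hunk; the hunk's closing braces end it.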