github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/sam/AVD-AWS-0114/CloudFormation.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/sam/AVD-AWS-0114/CloudFormation.md (about)

     1  
     2  Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
     3  
     4  ```yaml---
     5  AWSTemplateFormatVersion: 2010-09-09
     6  Description: Good Example of SAM Function
     7  Resources:
     8    GoodFunction:
     9      Type: AWS::Serverless::Function
    10      Properties:
    11        PackageType: Image
    12        ImageUri: account-id.dkr.ecr.region.amazonaws.com/ecr-repo-name:image-name
    13        ImageConfig:
    14          Command:
    15            - "app.lambda_handler"
    16          EntryPoint:
    17            - "entrypoint1"
    18          WorkingDirectory: "workDir"
    19        Policies:  
    20          - AWSLambdaExecute
    21          - Version: '2012-10-17'
    22            Statement:
    23            - Effect: Allow
    24              Action:
    25              - s3:GetObject
    26              - s3:GetObjectACL
    27              Resource: 'arn:aws:s3:::my-bucket/*'
    28  
    29  ```
    30  
    31