github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/sam/AVD-AWS-0120/CloudFormation.md

Specify the exact permissions required, and the resources to which they should apply, instead of using wildcards.

```yaml
---
AWSTemplateFormatVersion: 2010-09-09
Description: Good Example of SAM Function
Resources:
  GoodFunction:
    Type: AWS::Serverless::StateMachine
    Properties:
      Definition:
        StartAt: MyLambdaState
        States:
          MyLambdaState:
            Type: Task
            Resource: arn:aws:lambda:us-east-1:123456123456:function:my-sample-lambda-app
            End: true
      Role: arn:aws:iam::123456123456:role/service-role/my-sample-role
      Tracing:
        Enabled: true
      Policies:
        - AWSLambdaExecute
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - s3:GetObject
                - s3:GetObjectACL
              Resource: 'arn:aws:s3:::my-bucket/*'
```
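As an added example (not part of the defsec docs or the project's own scanner code), the following Python check applies the rule above to the `Policies` list of a SAM resource and flags inline IAM statements that use wildcards. The policy data is a constructed Python mirror of the YAML above plus a wildcard variant for comparison; treating a concrete ARN that only wildcards its trailing path segment (`arn:aws:s3:::my-bucket/*`) as adequately scoped is an assumption of this example, not necessarily the scanner's exact logic.

```python
# Added example, not defsec's own code: a simplified wildcard check in the
# spirit of AVD-AWS-0120. Assumptions: managed-policy names such as
# AWSLambdaExecute are skipped, and a resource that only wildcards the last
# path segment of a concrete ARN ("arn:aws:s3:::my-bucket/*") is accepted.

def _as_list(value):
    """IAM accepts a single string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def resource_is_scoped(resource):
    """True unless the ARN is '*' or wildcards anything but its last path segment."""
    if "*" not in resource:
        return True
    prefix, sep, tail = resource.rpartition("/")
    return sep == "/" and tail == "*" and prefix.startswith("arn:") and "*" not in prefix

def find_wildcards(policies):
    """Return (statement_index, field, value) for every wildcard finding."""
    findings = []
    for policy in policies:
        if not isinstance(policy, dict):          # managed policy name, skip
            continue
        for i, stmt in enumerate(_as_list(policy.get("Statement"))):
            if stmt.get("Effect") != "Allow":     # a Deny wildcard restricts, not grants
                continue
            for action in _as_list(stmt.get("Action")):
                if "*" in action:                 # e.g. "s3:*", "s3:Get*", "*"
                    findings.append((i, "Action", action))
            for resource in _as_list(stmt.get("Resource")):
                if not resource_is_scoped(resource):
                    findings.append((i, "Resource", resource))
    return findings

# Constructed data: the Policies list from the template above, and a variant
# written with wildcards instead of exact permissions.
GOOD_POLICIES = [
    "AWSLambdaExecute",
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectACL"],
         "Resource": "arn:aws:s3:::my-bucket/*"}]},
]
BAD_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
]

if __name__ == "__main__":
    print("good:", find_wildcards(GOOD_POLICIES))  # []
    print("bad:", find_wildcards(BAD_POLICIES))    # [(0, 'Action', 's3:*'), (0, 'Resource', '*')]
```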