fix(AWS Deploy): Recognize LogicalResourceId in stackPolicy

serverless · Oct 15, 2021 · 1a528c2 · 1a528c2
1 parent 8401ff7
commit 1a528c2
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/lib/plugins/aws/provider.js b/lib/plugins/aws/provider.js
@@ -466,9 +466,16 @@ class AwsProvider {
             anyOf: [
               { const: '*' },
               { $ref: '#/definitions/awsArn' },
+              { $ref: '#/definitions/awsLogicalResourceId' },
               {
                 type: 'array',
-                items: { anyOf: [{ const: '*' }, { $ref: '#/definitions/awsArn' }] },
+                items: {
+                  anyOf: [
+                    { const: '*' },
+                    { $ref: '#/definitions/awsArn' },
+                    { $ref: '#/definitions/awsLogicalResourceId' },
+                  ],
+                },
               },
             ],
           },
@@ -577,6 +584,10 @@ class AwsProvider {
             additionalProperties: false,
             required: ['securityGroupIds', 'subnetIds'],
           },
+          awsLogicalResourceId: {
+            type: 'string',
+            pattern: '^[#A-Za-z0-9-_./]+[*]?$',
+          },
           awsLogGroupName: {
             type: 'string',
             pattern: '^[/#A-Za-z0-9-_.]+$',

diff --git a/test/unit/lib/plugins/aws/lib/updateStack.test.js b/test/unit/lib/plugins/aws/lib/updateStack.test.js
@@ -162,6 +162,18 @@ describe('updateStack', () => {
           Action: 'Update:*',
           Resource: '*',
         },
+        {
+          Effect: 'Allow',
+          Principal: '*',
+          Action: 'Update:*',
+          Resource: 'LogicalResourceId/myEC2instance',
+        },
+        {
+          Effect: 'Deny',
+          Principal: '*',
+          Action: ['Update:Replace', 'Update:Delete'],
+          Resource: 'LogicalResourceId/CriticalResource*',
+        },
       ];
 
       return awsDeploy.update().then(() => {
@@ -170,7 +182,9 @@ describe('updateStack', () => {
           { Key: 'tag1', Value: 'value1' },
         ]);
         expect(updateStackStub.args[0][2].StackPolicyBody).to.equal(
-          '{"Statement":[{"Effect":"Allow","Principal":"*","Action":"Update:*","Resource":"*"}]}'
+          '{"Statement":[{"Effect":"Allow","Principal":"*","Action":"Update:*","Resource":"*"},' +
+            '{"Effect":"Allow","Principal":"*","Action":"Update:*","Resource":"LogicalResourceId/myEC2instance"},' +
+            '{"Effect":"Deny","Principal":"*","Action":["Update:Replace","Update:Delete"],"Resource":"LogicalResourceId/CriticalResource*"}]}'
         );
       });
     });