Fix pre-commit by moving policydoc to yaml

Sage-Bionetworks · Nov 16, 2023 · 0a51a25 · 0a51a25
1 parent d942836
commit 0a51a25
Showing 1 changed file with 19 additions and 27 deletions.
diff --git a/templates/IAM/snowflake-synapse-access.yaml b/templates/IAM/snowflake-synapse-access.yaml
@@ -16,33 +16,25 @@ Resources:
   SnowflakeServicePolicy:
     Type: 'AWS::IAM::ManagedPolicy'
     Properties:
-      PolicyDocument: |
-        {
-          "Version": "2012-10-17",
-          "Statement": [
-              {
-                  "Effect": "Allow",
-                  "Action": [
-                      "s3:GetObject",
-                      "s3:GetObjectVersion"
-                  ],
-                  "Resource": !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org/warehouse/*"
-              },
-              {
-                  "Effect": "Allow",
-                  "Action": [
-                      "s3:ListBucket",
-                      "s3:GetBucketLocation"
-                  ],
-                  "Resource": !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org",
-                  "Condition": {
-                      "StringLike": {
-                        "s3:prefix": [ "warehouse/*" ]
-                      }
-                  }
-              }
-          ]
-        }
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          -
+            Effect: Allow
+            Action:
+              - s3:GetObject
+              - s3:GetObjectVersion
+            Resource: !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org/warehouse/*"
+          -
+            Effect: Allow
+            Action:
+                - s3:ListBucket
+                - s3:GetBucketLocation
+            Resource: !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org"
+            Condition:
+              StringLike":
+                "s3:prefix":
+                  - "warehouse/*"
   SnowflakeServiceRole:
     Type: "AWS::IAM::Role"
     Properties: