From 0a51a2577d6c9047f7b5e0feafd050a5933f709f Mon Sep 17 00:00:00 2001 From: Xavier Schildwachter Date: Thu, 16 Nov 2023 13:14:30 -0800 Subject: [PATCH] Fix pre-commit by moving policydoc to yaml --- templates/IAM/snowflake-synapse-access.yaml | 46 +++++++++------------ 1 file changed, 19 insertions(+), 27 deletions(-) diff --git a/templates/IAM/snowflake-synapse-access.yaml b/templates/IAM/snowflake-synapse-access.yaml index a651ddc..2083adb 100644 --- a/templates/IAM/snowflake-synapse-access.yaml +++ b/templates/IAM/snowflake-synapse-access.yaml @@ -16,33 +16,25 @@ Resources: SnowflakeServicePolicy: Type: 'AWS::IAM::ManagedPolicy' Properties: - PolicyDocument: | - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Resource": !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org/warehouse/*" - }, - { - "Effect": "Allow", - "Action": [ - "s3:ListBucket", - "s3:GetBucketLocation" - ], - "Resource": !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org", - "Condition": { - "StringLike": { - "s3:prefix": [ "warehouse/*" ] - } - } - } - ] - } + PolicyDocument: + Version: 2012-10-17 + Statement: + - + Effect: Allow + Action: + - s3:GetObject + - s3:GetObjectVersion + Resource: !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org/warehouse/*" + - + Effect: Allow + Action: + - s3:ListBucket + - s3:GetBucketLocation + Resource: !Sub "arn:aws:s3:::${Stack}.datawarehouse.sagebase.org" + Condition: + StringLike": + "s3:prefix": + - "warehouse/*" SnowflakeServiceRole: Type: "AWS::IAM::Role" Properties: