From 33367d4834c148daff9329eff76c1a0182afb3b3 Mon Sep 17 00:00:00 2001
From: Jae Yi
Date: Thu, 5 Dec 2024 09:28:06 -0500
Subject: [PATCH] Removes unneeded permissions for the Lambda function; uses WaiterConfig to set the max attempts to 30
---
 cfn-templates/data-exports-aggregation.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/cfn-templates/data-exports-aggregation.yaml b/cfn-templates/data-exports-aggregation.yaml
index 8bbfa8b9..3cea273c 100644
--- a/cfn-templates/data-exports-aggregation.yaml
+++ b/cfn-templates/data-exports-aggregation.yaml
@@ -632,8 +632,6 @@ Resources:
 Action:
 - iam:GetRole
 - iam:CreateServiceLinkedRole
- - iam:DeleteServiceLinkedRole
- - iam:GetServiceLinkedRoleDeletionStatus
 Resource: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/bcm-data-exports.amazonaws.com/AWSServiceRoleForBCMDataExports'
 - Effect: Allow
 Action:
@@ -730,13 +728,17 @@ Resources:
 def create_service_linked_role(service_name: str, description: str):
 try:
 logger.info(f"Creating a service-linked role for {service_name}...")
-
 role_name = iam_client.create_service_linked_role(
 AWSServiceName=service_name,
 Description=description
 )["Role"]["RoleName"]
+
+ logger.info(f"Waiting for the service-linked role to be available...")
 waiter = iam_client.get_waiter("role_exists")
- waiter.wait(RoleName=role_name)
+ waiter.wait(
+ RoleName=role_name,
+ WaiterConfig={'Delay': 1, 'MaxAttempts': 30}
+ )
 time.sleep(10) # Additional wait time, just in case
 logger.info(