update lambda sqs policy

Author: gitmurali

sqs/lambda_sqs_s3-role.json

@@ -1,98 +1,29 @@
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "S3Access",
-            "Effect": "Allow",
-            "Action": [
-                "s3:List*",
-                "s3:Get*",
-                "s3:CreateBucket",
-                "s3:PutBucketOwnershipControls",
-                "s3:PutBucketPublicAccessBlock",
-                "s3:PutObjectAcl",
-                "health:*",
-                "s3:PutObject",
-                "s3:PutBucketPolicy"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "StringEquals": {
-                    "aws:RequestedRegion": "us-east-1"
-                }
-            }
-        },
-        {
-            "Sid": "S3AccessDeny",
-            "Effect": "Deny",
-            "Action": "s3:*",
-            "Resource": "*",
-            "Condition": {
-                "ForAllValues:StringNotEqualsIfExists": {
-                    "aws:RequestedRegion": "us-east-1"
-                }
-            }
-        },
-        {
-            "Sid": "S3StorageClassRestriction",
-            "Effect": "Deny",
-            "Action": [
-                "s3:PutObject"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "StringNotLike": {
-                    "s3:x-amz-storage-class": [
-                        "STANDARD"
-                    ]
-                }
-            }
-        },
-        {
-            "Sid": "SQSAccess",
-            "Effect": "Allow",
-            "Action": [
-                "sqs:TagQueue",
-                "sqs:SendMessage",
-                "sqs:CreateQueue",
-                "sqs:Get*",
-                "sqs:List*"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "StringEquals": {
-                    "aws:RequestedRegion": "us-east-1"
-                }
-            }
-        },
-        {
-            "Sid": "LambdaandIAMAccess",
-            "Effect": "Allow",
-            "Action": [
-                "lambda:CreateFunction",
-                "lambda:UpdateFunctionCode",
-                "lambda:UpdateFunctionEventInvokeConfig",
-                "lambda:TagResource",
-                "lambda:UpdateEventSourceMapping",
-                "lambda:InvokeFunction",
-                "lambda:List*",
-                "lambda:UpdateFunctionConfiguration",
-                "lambda:Get*",
-                "lambda:CreateEventSourceMapping",
-                "iam:CreateServiceLinkedRole",
-                "iam:PassRole",
-                "iam:Get*",
-                "iam:List*",
-                "kms:List*",
-                "tag:Describe*",
-                "tag:Get*"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "StringEquals": {
-                    "aws:RequestedRegion": "us-east-1"
-                }
-            }
-        }
-    ]
-}
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Effect": "Allow",
+			"Action": [
+				"logs:*"
+			],
+			"Resource": "arn:aws:logs:*:*:*"
+		},
+		{
+			"Effect": "Allow",
+			"Action": [
+				"s3:GetObject",
+				"s3:PutObject"
+			],
+			"Resource": "arn:aws:s3:::*"
+		},
+		{
+			"Effect": "Allow",
+			"Action": [
+				"s3:*",
+				"SQS:*",
+				"s3-object-lambda:*"
+			],
+			"Resource": "*"
+		}
+	]
+}