EventBridge PutEvents Wildcard Warning

Serverless Framework
1

Hi,

I’ve been successfully using the new AWS EventBridge feature with the serverless framework.

The only “issue” (maybe) I’m seeing is that I need to use a wildcard for IAM permissions (so far).

    - Effect: Allow
  Action:
    - events:PutEvents
  Resource: "*"

Without the wildcard I always see the error:

'User: arn:aws:iam::xxxx:user/xxxx is not authorized to perform: events:PutEvents on resource: *'

Using the new dashboard with the safe guards I always see the warning:

   1) Warned - iamRoleStatement granting Resource='*'. Wildcard resources in iamRoleStatements are not permitted.                                                            
  details: http://slss.io/sg-no-wild-iam-role                                                                                                                            
  Prevent "*" permissions being used in AWS IAM Roles by checking for wildcards on Actions and Resources in grant statements.

For all my other serverlesss framework functions I do not use wildcards, but to enable EventBridge PutEvents I have to (so far) add the wildcard, thus triggering the safe guards warning.

My question is, is this how it is?

I need to have a wildcard to enable EventBridge usage?

If so maybe I can add an exclusion rule to the safe guards to all this wildcard for this service?

Any feedback much appreciated.

Thanks!

1 Like
2

I know this is old, but I had the same issue. For me it doesn’t show the exact same error. The last part of the error doesn’t say * but says something like:

“User: arn:aws:iam::xxxx:user/xxxx is not authorized to perform: events:PutEvents on resource: arn:aws:events:eu-west-1:nnnnnnnnnn:event-bus/default”.

The resource is in the error, so in my case I can use:

    - Effect: Allow
      Action:
        - events:PutEvents
      Resource:
        - arn:aws:events:*

If yours really says * I don’t have an answer, but otherwise that’s probably your resource.