Hi,
I’ve been successfully using the new AWS EventBridge feature with the serverless framework.
The only “issue” (maybe) I’m seeing is that I need to use a wildcard for IAM permissions (so far).
    - Effect: Allow
      Action:
        - events:PutEvents
      Resource: "*"
Without the wildcard I always see the error:
'User: arn:aws:iam::xxxx:user/xxxx is not authorized to perform: events:PutEvents on resource: *'
Using the new dashboard with the safe guards I always see the warning:
1) Warned - iamRoleStatement granting Resource='*'. Wildcard resources in iamRoleStatements are not permitted.
details: http://slss.io/sg-no-wild-iam-role
Prevent "*" permissions being used in AWS IAM Roles by checking for wildcards on Actions and Resources in grant statements.
For all my other serverless framework functions I do not use wildcards, but to enable EventBridge PutEvents I have to (so far) add the wildcard, thus triggering the safe guards warning.
My question is, is this how it is?
I need to have a wildcard to enable EventBridge usage?
If so, maybe I can add an exclusion rule to the safe guards to allow this wildcard for this service?
Any feedback much appreciated.
Thanks!
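
The wildcard check that the dashboard warning describes, combined with the kind of exclusion the post asks about, sketched as an added example (not part of the original post and not the Serverless safeguards' own code). `checkStatements`, its `allowWildcardResourceFor` parameter and the sample statements are assumptions made for illustration; flagging only a bare `"*"` Resource while flagging any `*` in an Action is a choice of this sketch.

```javascript
// Added example: NOT the Serverless safeguards implementation.
// SAMPLE_STATEMENTS is constructed; statement 0 is the one from the post.
const SAMPLE_STATEMENTS = [
  { Effect: 'Allow', Action: ['events:PutEvents'], Resource: '*' },
  { Effect: 'Allow', Action: ['events:PutEvents', 'sqs:SendMessage'], Resource: '*' },
  { Effect: 'Allow', Action: 'dynamodb:GetItem',
    Resource: 'arn:aws:dynamodb:us-east-1:123456789012:table/example' },
  { Effect: 'Allow', Action: 's3:*', Resource: 'arn:aws:s3:::example-bucket/*' },
];

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// Only plain strings are inspected; CloudFormation intrinsics (objects) are skipped.
const hasWildcard = (s) => typeof s === 'string' && s.includes('*');

// allowWildcardResourceFor (hypothetical parameter): actions that may keep Resource "*".
function checkStatements(statements, allowWildcardResourceFor = []) {
  // IAM action names are case-insensitive, so compare in lower case.
  const exempt = new Set(allowWildcardResourceFor.map((a) => a.toLowerCase()));
  const findings = [];
  statements.forEach((stmt, index) => {
    if (stmt.Effect !== 'Allow') return; // only grant statements are checked
    const actions = asList(stmt.Action);
    for (const action of actions.filter(hasWildcard)) {
      findings.push({ index, reason: `wildcard Action ${action}` });
    }
    if (!asList(stmt.Resource).includes('*')) return;
    // The exclusion is per action: one non-exempt action in the same
    // statement still makes the Resource "*" grant a finding.
    const offending = actions.filter(
      (a) => typeof a !== 'string' || hasWildcard(a) || !exempt.has(a.toLowerCase()));
    if (offending.length > 0) {
      findings.push({ index, reason: `Resource * granted to ${offending.join(', ')}` });
    }
  });
  return findings;
}

// Exclusion scoped to the single action from the post, not to a whole service.
const strict = checkStatements(SAMPLE_STATEMENTS);
const withExclusion = checkStatements(SAMPLE_STATEMENTS, ['events:PutEvents']);
console.log(strict, withExclusion);
```

Scoping the exclusion to one action keeps the check active for every other action that shares a statement with it, which is why statement 1 is still reported.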