Scope down ApiVersionMap permissions

hgreebe · hgreebe · commit bc75eb1a7e8a · 2025-06-09T08:37:37.000-04:00
diff --git a/infrastructure/parallelcluster-ui.yaml b/infrastructure/parallelcluster-ui.yaml
@@ -325,14 +325,13 @@ Resources:
                                               stage = api_url.split('/')[3]
                                               api_gateway_arns.append(f"arn:{get_partition(os.environ['AWS_REGION'])}:execute-api:{os.environ['AWS_REGION']}:{account_id}:{gateway}/{stage}/*")        
           
-                                              print(f"Version={version}, ApiURL={api_url, ")
+                                              print(f"Version={version}, ApiURL={api_url}")
                                               break
-                                      
-                                      result = result[:-1]
               
                         except Exception as e:
                             print(f"Error processing stack {stack['StackName']}: {str(e)}")
                             continue
+                result = result[:-1]
                 print(f"Result: {result}")
               
                 response_data = {"ApiVersionMapping": result, "ApiArns":  ','.join(api_gateway_arns)}
@@ -365,6 +364,9 @@ Resources:
               - Effect: Allow
                 Action:
                   - cloudformation:ListStacks
+                Resource: '*'
+              - Effect: Allow
+                Action:
                   - cloudformation:DescribeStacks
                 Resource: '*'
                 Condition:
