Update policies

Author: g-roduit

README.md

@@ -6,7 +6,7 @@
 
 ## Overview
 
-This repository contains the infrastructure for the Serverless Workshop.
+This repository contains the infrastructure for the Serverless Workshop, which aims to provide a hands-on experience with serverless architecture using AWS services. The project utilizes AWS CDK (Cloud Development Kit) to define cloud infrastructure as code.
 
 ## Prerequisites
 
@@ -20,38 +20,49 @@ Ensure that your development environment is set up with the following tools:
 
 In addition to these, your system must be properly configured with AWS credentials, possessing necessary permissions to deploy the service. For a seamless AWS credential management experience, we recommend using [aws-vault](https://github.com/99designs/aws-vault).
 
-### Setup the local development environment
+## Setting Up the Local Development Environment
 
-Start by cloning this repository:
+1. Start by cloning this repository:
 
-    $ git clone git@github.com:56kcloud/serverless-workshop.git
+    ```bash
+    git clone git@github.com:56kcloud/serverless-workshop.git
+    ```
 
-Create a virtual Python envrionement and install dependencies:
+2. Create a virtual Python environment and install dependencies:
 
-    $ cd serverless-workshop
-    $ python3.9 -m venv .venv
-    $ source .venv/bin/activate
-    $ pip install -r requirements-dev.txt
+    ```bash
+    cd serverless-workshop
+    python3.9 -m venv .venv
+    source .venv/bin/activate
+    pip install -r requirements-dev.txt
+    ```
 
+## Testing
 
-### Testing
-
-Run Python tests:
-
-    $ python -m pytest -v test.py --cov=stacks --cov-report=html
+Run Python tests to ensure everything is functioning correctly:
 
+```bash
+python -m pytest -v test.py --cov=stacks --cov-report=html
+```
 
 ## Deployment
 
+### Bootstrapping
 
-**Bootstrapping**
-
-To deploy AWS CDK apps into an AWS [environment](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html), you will need to provision the necessary resources.
+To deploy AWS CDK apps into an AWS [environment](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html), you will need to provision the necessary resources. Run the following command:
 
 ```bash
 aws-vault exec shared-services-full-access -- cdk bootstrap
 ```
 
 ### Live Infrastructure Deployment
 
-Please note that the deployment process is automatically triggered via a Github action when `serverless-workshop` is pushed.
+Please note that the deployment process is automatically triggered via a GitHub action when changes are pushed to the `serverless-workshop` repository.
+
+## Contributing
+
+We welcome contributions to this project! Please fork the repository and submit a pull request for any changes or improvements.
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

lambdas/api/handler.py

@@ -16,7 +16,7 @@ def handle(event, context):
         return {
             'statusCode': 200,
             'headers': {'Content-Type': 'application/json'},
-            'body': json.dumps({"message": f"hello {team} !"})
+            'body': json.dumps({"message": f"Hello {team} !"})
         }
     else:
         return {

stacks/oidc_provider.py

@@ -31,6 +31,22 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
             ),
             max_session_duration=Duration.hours(1),
             managed_policies=[
-                iam.ManagedPolicy.from_aws_managed_policy_name("AdministratorAccess")
+                iam.ManagedPolicy.from_aws_managed_policy_name("AWSCloudFormationFullAccess"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AWSLambda_FullAccess"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonAPIGatewayAdministrator"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMFullAccess"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonS3FullAccess"),
             ]
         )
+
+        self.role.add_to_policy(iam.PolicyStatement(
+            actions=[
+                "cloudformation:*",
+                "s3:*",
+                "iam:*",
+                "lambda:*",
+                "logs:*"
+            ],
+            resources="*"
+
+        ))