Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(ses-actions): permissions too wide for S3 action (#29833)
### Issue # (if applicable) Closes #29811, continuation of @msambol 's #29823 ### Reason for this change Reduce overly broad permissions allocated to SES for the S3 receipt rule action ### Description of changes * Restrain by both rule set and rule name, as recommended in the [docs](https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html#receiving-email-permissions-s3) * Accomplished by generating the permission lazily, when the rule is rendering the actions for CloudFormation ### Description of how you validated changes Updated the unit and integration tests. The integration now uses a free test WorkMail domain. It's a bit of manual setup upfront, but doesn't require the contributor to use one of their own domains ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information