[ios] Reduce scope of `:*` permissions

Currently, the core stack [grants `cognito-identity:*`](https://github.com/aws-amplify/amplify-ci-support/blob/master/src/integ_test_resources/ios/sdk/integration/cdk/cdk_integration_tests_ios/core_stack.py#L50) because the test setup code performs a lot of administrative functions during setup & tear down. We should investigate to see if we can reduce scope.

The same can be said for:

- Any test module that invokes `add_to_common_role_policies()` without any qualifiers (https://github.com/aws-amplify/amplify-ci-support/blob/master/src/integ_test_resources/common/common_stack.py#L43)
- https://github.com/aws-amplify/amplify-ci-support/blob/master/src/integ_test_resources/common/auth_utils.py#L68 (we should also consolidate the assignment of `cognito-identity` permissions while we're investigating)

It would be feasible to either reduce scope of the actions, or the resources on which those actions may be performed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[ios] Reduce scope of `:*` permissions #38

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[ios] Reduce scope of :* permissions #38

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

[ios] Reduce scope of `:*` permissions #38