From 268eb9f0e234e3c40ee464d09c9d539c62a6c431 Mon Sep 17 00:00:00 2001
From: Michael Nguyen <michael.nguyen@parivedasolutions.com>
Date: Tue, 10 Dec 2019 13:21:53 -0600
Subject: [PATCH] updating cloud formation.

---
 .../indexer-aws/CloudFormation/Automated/elasticsearch.yml  | 6 +++++-
 .../CloudFormation/Automated/iam-credentials.yml            | 2 --
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml b/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml
index 9baa1cef1..b309e03a0 100644
--- a/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml
+++ b/provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml
@@ -194,7 +194,11 @@ Resources:
                     !Sub "${Environment}-IndexerServiceIamUserArn"
                   # TODO: need to create cognito user and identity pool and link it to principal for dynamic creation
                 - "arn:aws:iam::888733619319:role/Cognito_osduelasticsearchAuth_Role"
-            Action: "es:*"
+            Action:
+              - "es:*"
+              - 'cognito-identity:*'
+              - 'cognito-idp:*'
+              - 'sts:AssumeRole'
             Resource: !Sub arn:aws:es:us-east-1:846973539254:domain/${Environment}-${ElasticsearchDomainName}/*
       AdvancedOptions:
         rest.action.multi.allow_explicit_index: "true"
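Review bot: The three actions added under `Action:` (`cognito-identity:*`, `cognito-idp:*`, `sts:AssumeRole`) sit in a statement whose `Resource` is the Elasticsearch domain ARN, so they most likely match nothing there: a domain access policy is evaluated for `es:` actions only. As written, the policy reads as though the listed principals hold broad Cognito and STS rights, which misleads anyone auditing it. I would keep the statement to `Action: "es:*"`, or narrow it to `- "es:ESHttp*"` if these principals only need HTTP access to the domain, and grant the Cognito permissions on the role the domain uses for Cognito authentication instead. The statement's `Effect` and the start of its `Principal` list are outside the hunk, so this assumes an Allow statement in the domain's access policy.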
diff --git a/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml b/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml
index fbfc9aa48..a05ba524f 100644
--- a/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml
+++ b/provider/indexer-aws/CloudFormation/Automated/iam-credentials.yml
@@ -70,8 +70,6 @@ Resources:
                   - 'sts:AssumeRole'
                 Effect: Allow
                 Resource: '*'
-                Principal:
-                    Service: es.amazonaws.com
       UserName: !Sub ${Environment}-${IndexerServiceIamUsername}
 
   IndexerServiceIamUserAccessKey:
-- 
GitLab