From 1003660c324cd5edf3ede19c927b32e8b14dfc76 Mon Sep 17 00:00:00 2001
From: Mikhail Chinkov <michael.chinkov@gmail.com>
Date: Fri, 27 Dec 2024 13:15:33 +0100
Subject: [PATCH] fix: get rid of iam permissions for shipper custom resource
 function

---
 CHANGELOG.md  | 4 ++++
 template.yaml | 6 ------
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f4174d0..e373b68f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+### v1.1.1 / 2025-12-27
+### 🧰 Bug fixes 🧰
+- cds-1747 - Removed `iam:*` permissions from Shipper, as they were leftover from older versions as the Custom Resource use to be responsible for editing the policy directly
+
 ### v1.1.0 / 2025-12-11
 ### 💡 Enhancements (Breaking) 💡
 - cds-1705 - updated support for dynamic value allocation of Application and Subsystem names based on internal metadata
diff --git a/template.yaml b/template.yaml
index 4a7eb524..ae91416d 100644
--- a/template.yaml
+++ b/template.yaml
@@ -1166,12 +1166,6 @@ Resources:
       Runtime: python3.12
       Timeout: 900
       Policies:
-      - Statement:
-        - Sid: IAMaccess
-          Effect: Allow
-          Action:
-            - 'iam:*'
-          Resource: '*'
       - Statement:
         - Sid: EC2Access
           Effect: Allow