chore(aws-cdk-testing): fix integ test case using unrestricted principal for role

mrgrain · mrgrain · commit a7b730608e9d · 2023-12-18T10:03:24.000Z
This test case is flagged up by automated security tooling.
There is no actual risk since this is a test stack that is only short-lived and the permissions for the role only allow consuming messages from a queue that doesn't hold any data.
diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js
@@ -14,7 +14,7 @@ class SimpleStack extends cdk.Stack {
       visibilityTimeout: cdk.Duration.seconds(300),
     });
     const role = new iam.Role(this, 'role', {
-      assumedBy: new iam.AnyPrincipal(),
+      assumedBy: new iam.AccountRootPrincipal(),
     });
     queue.grantConsumeMessages(role);
   }

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ class SimpleStack extends cdk.Stack {`
`14`	`14`	`visibilityTimeout: cdk.Duration.seconds(300),`
`15`	`15`	`});`
`16`	`16`	`const role = new iam.Role(this, 'role', {`
`17`		`- assumedBy: new iam.AnyPrincipal(),`
	`17`	`+ assumedBy: new iam.AccountRootPrincipal(),`
`18`	`18`	`});`
`19`	`19`	`queue.grantConsumeMessages(role);`
`20`	`20`	`}`