fix(template): restrict lambdas permissions on s3 bucket

Author: Fuss Florian (uid10804)

packages/template/serverless.yml

@@ -45,13 +45,15 @@ provider:
   iamRoleStatements:
     - Effect: 'Allow'
       Action:
-        - 's3:*'
-      Resource: '*'
+        - 's3:GetObject'
+        - 's3:PutObject'
+      Resource:
+        - 'arn:aws:s3:::${self:custom.file.s3Bucket}/*'
     - Effect: 'Allow'
       Action:
-        - 's3:*'
+        - 's3:ListBucket'
       Resource:
-        - 'arn:aws:s3:::${self:custom.file.s3Bucket}/*'
+        - 'arn:aws:s3:::${self:custom.file.s3Bucket}'
 
 # The `functions` block defines what code to deploy
 functions: