Setup infrastructure permissions to spawn new lambda from existing lambda

cwaltken-edrans · cwaltken-edrans · commit 5c7009cd980c · 2017-04-12T16:27:06.000-03:00
diff --git a/infrastructure/infrastructure.go b/infrastructure/infrastructure.go
@@ -202,13 +202,22 @@ func (infra *Infrastructure) createIAMLambdaRolePolicy(roleName string) error {
 		PolicyDocument: aws.String(`{
           "Version": "2012-10-17",
           "Statement": [
-            {
-              "Action": [
-                "sqs:SendMessage"
-              ],
-              "Effect": "Allow",
-              "Resource": "arn:aws:sqs:*:*:goad-*"
-		  	},
+					{
+				 "Action": [
+						 "sqs:SendMessage"
+				 ],
+				 "Effect": "Allow",
+				 "Resource": "arn:aws:sqs:*:*:goad-*"
+		 },
+		 {
+				 "Effect": "Allow",
+				 "Action": [
+						 "lambda:Invoke*"
+				 ],
+				 "Resource": [
+						 "arn:aws:lambda:*:*:goad:*"
+				 ]
+		 },
 			{
               "Action": [
                 "logs:CreateLogGroup",
