daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Google OAuth: explicit IAM policy + strip OIDC scopes from credentials

Browse Source
This commit is contained in:
daniel
2026-05-08 16:57:40 -05:00
parent d68ddab8a2
commit 9b56aa83df
11 changed files with 288 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cdk/cdk.out/AgentClawStack.template.json
View File

@@ -1147,6 +1147,12 @@
}
]
},
{
"Action": "secretsmanager:GetSecretValue",
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl",
"Sid": "GoogleOAuthClientSecretExact"
},
{
"Action": [
"secretsmanager:CreateSecret",
@@ -1176,7 +1182,7 @@
"Properties": {
"Code": {
"S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1",
"S3Key": "a6d7ca10ce41a486503b8ea9f109a54841bb31af9548c618fdca79ac13b34c6a.zip"
"S3Key": "b45b92872bd4af9d3688817f862e6574ff6b4903e68b140bcee6fe0b2678c645.zip"
},
"Environment": {
"Variables": {
@@ -1232,7 +1238,7 @@
],
"Metadata": {
"aws:cdk:path": "AgentClawStack/OAuthHandler/Resource",
"aws:asset:path": "asset.a6d7ca10ce41a486503b8ea9f109a54841bb31af9548c618fdca79ac13b34c6a",
"aws:asset:path": "asset.b45b92872bd4af9d3688817f862e6574ff6b4903e68b140bcee6fe0b2678c645",
"aws:asset:is-bundled": false,
"aws:asset:property": "Code"
}