xinbinhuang commented on pull request #20: URL: https://github.com/apache/airflow-ci-infra/pull/20#issuecomment-832073207
> This maybe should be a separate lambda -- that way the one that responds to WebHooks (i.e. is publically accessible at all) can not have permission to _update_ anything in SSM. Good point! Though it's indeed a separate lambda, I think they currently share the same IAM. I will update a [per lambda IAM role](https://aws.github.io/chalice/topics/configfile.html#per-lambda-examples) in the config -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
