From a7b730608e9d142469f9be1cc8f465fc66cf261f Mon Sep 17 00:00:00 2001
From: Momo Kornher <kornherm@amazon.co.uk>
Date: Mon, 18 Dec 2023 10:03:24 +0000
Subject: [PATCH] chore(aws-cdk-testing): fix integ test case using
 unrestricted principal for role

This test case is flagged up by automated security tooling.
There is no actual risk since this is a test stack that is only short-lived and the permissions for the role only allow consuming messages from a queue that doesn't hold any data.
---
 .../cli-integ/resources/cdk-apps/simple-app/app.js              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js
index e1c644cdbd4c3..f709fbbb44e47 100755
--- a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js
+++ b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/simple-app/app.js
@@ -14,7 +14,7 @@ class SimpleStack extends cdk.Stack {
       visibilityTimeout: cdk.Duration.seconds(300),
     });
     const role = new iam.Role(this, 'role', {
-      assumedBy: new iam.AnyPrincipal(),
+      assumedBy: new iam.AccountRootPrincipal(),
     });
     queue.grantConsumeMessages(role);
   }