If the parameter BucketNotificationResources is not set, the stack creates a policy giving read/write notification permissions on all buckets within the account. Can this logic be inverted by making the BucketNotificationResources parameter is required, and removing the * default? Is there a use case for * that prevents this inversion?
If the parameter
BucketNotificationResourcesis not set, the stack creates a policy giving read/write notification permissions on all buckets within the account. Can this logic be inverted by making theBucketNotificationResourcesparameter is required, and removing the*default? Is there a use case for*that prevents this inversion?