From a6c155f8743c654ad99ccdb0db7a1bfe6259689d Mon Sep 17 00:00:00 2001
From: Alexander Melnyk <amelnyk@amazon.com>
Date: Tue, 19 Jul 2022 17:03:04 +0200
Subject: [PATCH] fix(ci): keep layer version permission

---
 layer/layer/layer_stack.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/layer/layer/layer_stack.py b/layer/layer/layer_stack.py
index 15f3d3fdcb8..c29c3816f55 100644
--- a/layer/layer/layer_stack.py
+++ b/layer/layer/layer_stack.py
@@ -1,4 +1,5 @@
 from aws_cdk import RemovalPolicy, Stack
+from aws_cdk.aws_lambda import CfnLayerVersionPermission
 from aws_cdk.aws_ssm import StringParameter
 from cdk_lambda_powertools_python_layer import LambdaPowertoolsLayer
 from constructs import Construct
@@ -14,7 +15,15 @@ def __init__(
             self, "Layer", layer_version_name="AWSLambdaPowertoolsPython", version=powertools_version
         )
 
-        layer.add_permission("PublicLayerAccess", account_id="*")
+        layer_permission = CfnLayerVersionPermission(
+            self,
+            "PublicLayerAccess",
+            action="lambda:GetLayerVersion",
+            layer_version_arn=layer.layer_version_arn,
+            principal="*",
+        )
+
+        layer_permission.apply_removal_policy(RemovalPolicy.RETAIN)
         layer.apply_removal_policy(RemovalPolicy.RETAIN)
 
         StringParameter(self, "VersionArn", parameter_name=ssm_paramter_layer_arn, string_value=layer.layer_version_arn)