Boavizta / cloud-scanner

📡 Get Boavizta impact data for your aws cloud account usage.
GNU Affero General Public License v3.0

Create an aws security role for cloud-scanner with terraform #402

Open demeringo opened 6 months ago

demeringo commented 6 months ago

Problem

No easy way for a beginner to initialize an AWS profile / role / policy with just the minimum permissions to use cloud scanner (except if deploying with serverless).

Solution

Provide a Terraform script for this.

We should be able to reuse the policy created in the serverless deployment (ideally make it common if the format permits it).

Maybe give an example of restricting access to specific resources?

Alternatives

Additional context or elements

See also #77

demeringo commented 4 months ago

See also #147

demeringo commented 4 months ago

We should also verify if the following permission is really needed.

    Effect: Allow
    Action: "cloudwatch:DescribeAlarm"
    Resource: "*"