DataGreed / django-eb-sqs-worker

Django Background Tasks for Amazon Elastic Beanstalk
MIT License

IAM Role permissions #8

Open melvyn-apryl opened 3 years ago

melvyn-apryl commented 3 years ago

Could you document what minimum permissions are needed for the role set in the settings file?

I'm currently going with AdministratorAccess-AWSElasticBeanstalk, but I think it's too permissive.

melvyn-apryl commented 3 years ago

Looking at the code, it needs the ability to read/write to queues and to create them. The corresponding managed policy for this is arn:aws:iam::aws:policy/AmazonSQSFullAccess.

Now, if you want proper security and also have django-storages, you are now faced with the problem that both packages use the same settings keys for the credentials. Since django-storages is much older, it would be prudent to either wrap the settings in its own dict (like many other packages do), or keep using the AWS_EB prefix for all settings. I prefer the first as it eliminates name conflicts quite effectively.
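Added example, not part of the thread and not the project's own code: a sketch of a policy narrower than a full-access SQS grant, limited to queues under one name prefix, plus a check that flags service-wide wildcards. The action list is an assumption mapped from "read/write to queues and to create them" and has not been verified against the package; the region, account ID and `myapp-` prefix are placeholders.

```python
import json

# Assumption: actions mapped from the comment's "read/write to queues and to
# create them"; not verified against the package's source.
SQS_ACTIONS = [
    "sqs:CreateQueue",
    "sqs:GetQueueUrl",
    "sqs:GetQueueAttributes",
    "sqs:SendMessage",
    "sqs:ReceiveMessage",
    "sqs:DeleteMessage",
]

def build_scoped_policy(region, account_id, queue_prefix):
    """Return an IAM policy limited to queues whose name starts with queue_prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "WorkerQueues",
            "Effect": "Allow",
            "Action": list(SQS_ACTIONS),
            "Resource": f"arn:aws:sqs:{region}:{account_id}:{queue_prefix}*",
        }],
    }

def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def overbroad_grants(policy):
    """List (sid, field, value) for Allow statements using service-wide wildcards."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, "Action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((sid, "Resource", resource))
    return findings

# Constructed sample: the shape of a full-access SQS grant.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sqs:*"], "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(build_scoped_policy("us-east-1", "123456789012", "myapp-"), indent=2))
    print(overbroad_grants(FULL_ACCESS))
```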