Move 'cloudformation:List|Get' permissions to dev|ci.

FormidableLabs / terraform-aws-serverless

Infrastructure support for Serverless framework apps, done the right way

https://registry.terraform.io/modules/FormidableLabs/serverless/aws

MIT License

144 stars 19 forks source link

Move 'cloudformation:List|Get' permissions to dev|ci. #31

Closed ryan-roemer closed 5 years ago

ryan-roemer commented 5 years ago

Move cloudformation:List|Get permissions to developer|ci policy since they're limited already to sls_cloudformation_arn. Fixes #26

/cc @declension -- Not sure if you still need this, but there seems to be no reason for me to not move the List|Get cloudformation permissions scoped to a specific stack to the more permissive developer|ci policy. Let me know if this helps your original scenario if you have a moment to review!

declension commented 5 years ago

Thanks! This could avoid the need for us to add any manual CF permissions afterwards.

I can't validate it right here but will hopefully can get some time to try it out next week (assuming you merge & release)

ryan-roemer commented 5 years ago

Released in https://registry.terraform.io/modules/FormidableLabs/serverless/aws/0.2.1