Currently, if the policy changes, the only way to notify customers is via the changelog, which is of course not ideal and can lead to confusing IAM errors.
[ ] Does AWS have an API for checking this without making resource API calls?
[ ] Add warning on upgrade (probably on first deploy as well)
If AWS does not have this, I could maintain and diff a log of policy changes somewhere.
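One way the "maintain and diff a log of policy changes" fallback could look, as an added example that is not code from this project. It assumes the policy customers deploy is a JSON document shipped with the tool, that the previously shipped version is recorded (the "log"), and that the upgrade path compares the two and warns before the customer hits an AccessDenied. Statements are canonicalized first (Sid dropped, single-string Action/Resource treated as one-element lists, lists sorted) so that purely cosmetic edits do not trigger a warning; the sample policies and action names are constructed for the example.

```python
import hashlib
import json

# Constructed sample policies (hypothetical actions, not this project's policy).
# PREVIOUS_POLICY is what the last release shipped and what the change log records;
# CURRENT_POLICY is the new release's policy.
PREVIOUS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBuckets", "Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetObject"], "Resource": "*"},
        {"Sid": "Logs", "Effect": "Allow",
         "Action": "logs:DescribeLogGroups", "Resource": "*"},
    ],
}

# Same permissions as PREVIOUS_POLICY, only reordered, renamed and re-typed.
# A diff must treat this as unchanged, or every cosmetic edit spams customers.
EQUIVALENT_PREVIOUS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "CloudWatch", "Effect": "Allow",
         "Action": ["logs:DescribeLogGroups"], "Resource": ["*"]},
        {"Sid": "S3", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
    ],
}

# New release grants one extra permission. Customers who deployed the old
# policy would get a confusing AccessDenied on ec2:DescribeTags.
CURRENT_POLICY = {
    "Version": "2012-10-17",
    "Statement": PREVIOUS_POLICY["Statement"] + [
        {"Sid": "Tags", "Effect": "Allow",
         "Action": ["ec2:DescribeTags"], "Resource": "*"},
    ],
}

# IAM accepts either a string or a list for these keys; normalize to sorted lists.
LIST_FIELDS = ("Action", "NotAction", "Resource", "NotResource")


def statements(policy):
    """IAM allows Statement to be a single object or a list; always return a list."""
    stmts = policy.get("Statement", [])
    return [stmts] if isinstance(stmts, dict) else list(stmts)


def normalize_statement(stmt):
    """Drop the Sid label and sort list-valued fields so equal grants compare equal."""
    out = {}
    for key, value in stmt.items():
        if key == "Sid":
            continue
        if key in LIST_FIELDS:
            items = [value] if isinstance(value, str) else list(value)
            out[key] = sorted(items)
        else:
            out[key] = value  # Effect, Condition, Principal kept verbatim
    return out


def canonical(stmt):
    """Stable JSON form of one statement, usable as a set member."""
    return json.dumps(normalize_statement(stmt), sort_keys=True, separators=(",", ":"))


def policy_fingerprint(policy):
    """Order-independent SHA-256 over the canonical statements; store this in the log."""
    canon = sorted(canonical(s) for s in statements(policy))
    return hashlib.sha256("\n".join(canon).encode("utf-8")).hexdigest()


def diff_policies(old, new):
    """Statements present only in new ('added') or only in old ('removed')."""
    old_set = {canonical(s) for s in statements(old)}
    new_set = {canonical(s) for s in statements(new)}
    return {"added": sorted(new_set - old_set), "removed": sorted(old_set - new_set)}


def upgrade_warning(recorded, shipped):
    """Text to print on upgrade/first deploy, or None when nothing changed."""
    d = diff_policies(recorded, shipped)
    if not d["added"] and not d["removed"]:
        return None
    lines = ["IAM policy changed since the recorded version; update the deployed "
             "policy or expect AccessDenied errors."]
    lines += ["  + " + s for s in d["added"]]
    lines += ["  - " + s for s in d["removed"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print("recorded fingerprint:", policy_fingerprint(PREVIOUS_POLICY))
    print(upgrade_warning(PREVIOUS_POLICY, CURRENT_POLICY))
```

Dropping Sid means a Sid-only rename is deliberately not reported, and Condition blocks are compared verbatim, so reordering keys inside a Condition is already handled by `sort_keys` but reordering a list inside one is not; extend `normalize_statement` if the shipped policy uses list-valued conditions.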