necaris
commented
3 years ago Thanks @kpasko ! We're fixing that shortly.
Closed kpasko closed 3 years ago
necaris
commented
3 years ago Thanks @kpasko ! We're fixing that shortly.
The iam policy on the website currently (https://docs.coiled.io/user_guide/backends_aws.html) is just slightly wrong as posted. Here is an adjusted json
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Setup", "Effect": "Allow", "Action": [ "iam:CreateRole", "iam:TagRole", "iam:AttachRolePolicy", "iam:DeleteRole", "ecs:CreateCluster", "ec2:CreateVpc", "ec2:ModifyVpcAttribute", "ec2:CreateInternetGateway", "ec2:AttachInternetGateway", "ec2:CreateVpcPeeringConnection", "ec2:CreateRouteTable", "ec2:CreateRoute", "ec2:CreateSubnet", "ec2:AssociateRouteTable", "ec2:ModifySubnetAttribute", "ec2:AllocateAddress", "ec2:CreateNatGateway" ], "Resource": "*" }, { "Sid": "Ongoing", "Effect": "Allow", "Action": [ "sts:GetCallerIdentity", "iam:GetRole", "iam:PassRole", "ecs:RegisterTaskDefinition", "ecs:RunTask", "ecs:ListTasks", "ecs:DescribeTasks", "ecs:DescribeClusters", "ecs:StopTask", "ecs:ListTaskDefinitions", "ecs:DescribeTaskDefinition", "ecs:ListClusters", "ecr:DescribeImages", "ecr:ListImages", "ecr:DescribeRepositories", "ecr:CreateRepository", "ecr:GetAuthorizationToken", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:BatchGetImage", "ec2:DescribeSubnets", "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateTags", "ec2:DescribeSecurityGroups", "ec2:DeleteSecurityGroup", "ec2:DescribeVpcs", "ec2:DescribeRouteTables", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeAvailabilityZones", "ec2:DescribeNatGateways", "ec2:DescribeNetworkInterfaces", "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:GetLogEvents" ], "Resource": "*" } ] }