dawson-org / dawson-cli

A serverless web framework for Node.js on AWS (CloudFormation, CloudFront, API Gateway, Lambda)
https://dawson.sh
GNU General Public License v3.0
713 stars, 25 forks

use CloudFormation Service Role and lower privileges for CLI users #159

lusentis closed 6 years ago

lusentis commented 7 years ago

dawson will soon switch to using an AWS CloudFormation Service Role, which allows us to require users to grant fine-grained permissions. We will then provide a copy-pasteable Policy for users to set, and update the documentation accordingly.

Currently, since CloudFormation runs with the CLI user's AWS Credentials, such a user needs to be granted the permission to do every action, including, for example, managing DynamoDB Tables, S3 Buckets, etc.

Also, imagine you're adding an S3 Bucket as a custom resource to your app. dawson will create such an S3 Bucket using CloudFormation; CloudFormation needs to be run by a user with S3::CreateBucket permission. This applies to each resource managed by dawson/CloudFormation.

Again, thanks for your valuable input and feedback!
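
Editor's added example, not part of the comment above and not dawson's code: a sketch of the split the issue proposes, with a trust policy that lets only CloudFormation assume the service role, a CLI user policy limited to CloudFormation calls plus a scoped `iam:PassRole`, and a small audit that flags direct resource permissions left on the CLI user. The account ID, role name, stack name pattern and the exact action list are constructed assumptions; a real deployment may need further actions.

```javascript
// Constructed placeholders (assumptions, not values from the dawson project).
const ACCOUNT = '123456789012';
const ROLE_ARN = `arn:aws:iam::${ACCOUNT}:role/example-cfn-service-role`;
const STACK_ARN = `arn:aws:cloudformation:*:${ACCOUNT}:stack/example-app-*/*`;
const CFN = 'cloudformation.amazonaws.com';

// Trust policy on the service role: only the CloudFormation service may assume it.
const serviceRoleTrustPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Principal: { Service: CFN }, Action: 'sts:AssumeRole' }]
};

// CLI user policy: drive CloudFormation and hand it the role, nothing else.
const cliUserPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow',
      Action: ['cloudformation:CreateStack', 'cloudformation:UpdateStack',
               'cloudformation:DescribeStacks', 'cloudformation:DescribeStackEvents'],
      Resource: STACK_ARN },
    { Effect: 'Allow', Action: 'iam:PassRole', Resource: ROLE_ARN,
      Condition: { StringEquals: { 'iam:PassedToService': CFN } } }
  ]
};

// Constructed "before" policy: the CLI user holds resource permissions directly.
const broadCliUserPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow',
    Action: ['cloudformation:*', 's3:CreateBucket', 'dynamodb:*'], Resource: '*' }]
};

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Report Allow statements that go beyond "CloudFormation + PassRole on one role".
function auditCliUserPolicy(policy, roleArn) {
  const findings = [];
  for (const st of asArray(policy.Statement)) {
    if (st.Effect !== 'Allow') continue;
    if (st.NotAction) findings.push('Allow with NotAction grants an open-ended action set');
    for (const action of asArray(st.Action)) {
      const a = String(action).toLowerCase();
      if (a === 'iam:passrole') {
        const scoped = asArray(st.Resource).every((r) => r === roleArn);
        if (!scoped) findings.push(`iam:PassRole is not limited to ${roleArn}`);
      } else if (!a.startsWith('cloudformation:')) {
        findings.push(`direct resource permission: ${action}`);
      }
    }
  }
  return findings;
}
```

Running `auditCliUserPolicy(broadCliUserPolicy, ROLE_ARN)` lists the S3 and DynamoDB grants that would move to the service role's own permissions policy.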

stale[bot] commented 7 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
