Open AnthonySheetz opened 7 years ago
Experiencing the same issue described above by @asheetz2000, but with a different "Describe". Curious how other folks are working around this?
[EDIT: Earlier I Had a Big "Me Too!" Here, But Figured It Out]
To @asheetz2000 ...
I think the way to accomplish what you want is by using "policy -> statements" in kappa.yml.
For example, do something like this:
environments:
prod:
region: us-east-1
policy:
statements:
- Effect: Allow
Resource: "*"
Action:
- "cloudwatch:DescribeAlarms"
As you've discovered, using "policy -> resources" won't work because policy.py
wants to parse the ARN, so this is no good:
environments:
prod:
region: us-east-1
policy:
resources:
- arn: "*"
action:
- "cloudwatch:DescribeAlarms"
For more information, see the "Policies" section at the bottom of the README: https://github.com/garnaat/kappa/blob/develop/README.rst#policies
There are a collection of permissions which aren't attached to resources. I can't find a way to specify these in a policy.
This does not work:
as it produces
Put another way, I have been unable to find a way to apply the following policy:
This is either a bug in documentation, or a bug in code; not sure which
This would affect all the permissions at this link: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html#ec2-api-unsupported-resource-permissions