List of required IAM permissions to `apply`

jorgebastida / gordon

λ Gordon is a tool to create, wire and deploy AWS Lambdas using CloudFormation

Other

2.05k stars 137 forks source link

List of required IAM permissions to `apply` #124

Open mbattifarano opened 7 years ago

mbattifarano commented 7 years ago

It'd be great if the docs listed the minimum set of aws permissions needed to run gordon apply. The permission I eventually got to work are:

iam:*
s3:*
cloudformation:*
lambda:*

I'm happy to open a PR to update the docs, but I wanted to get some feedback on the list. In particular, if any of the permissions can be more specific.

ericdmoore commented 7 years ago

Agreed. Great idea to add to docs - assuming that is all that is needed.

candlerb commented 7 years ago

A minimal permission set would be very helpful. For example, iam:* is excessively broad: it allows creating users, adding users to groups, changing passwords etc.

candlerb commented 6 years ago

There is some excellent work in this area at https://github.com/serverless/serverless/issues/1439