I think this plugin is very useful for manipulating stage variables. However, I don't want my ability to easily handle stage variabels in serverless.yml to come at the expense of adding unnecessary permissions to my AWS deployment user.
In my institution's case, we would only like to be able to control the API caching variables and don't need to touch any of the CloudWatch functionality. So giving our deployment user CreateRole/GetRole is too broad.
I am considering creating a PR where either 1) the functionality can be manually turned off through the stageSettings or 2) the cloudwatch permissions are only required if certain MethodSettings that rely on it are manipulated.
Happy to contribute. Currently leaning towards the second implementation as this means less configuration for the end-user.
Wondering your thoughts if you're continuing to maintain this plugin.
leftclickben
commented
6 years ago
I think this plugin is very useful for manipulating stage variables. However, I don't want my ability to easily handle stage variabels in
serverless.ymlto come at the expense of adding unnecessary permissions to my AWS deployment user.In my institution's case, we would only like to be able to control the API caching variables and don't need to touch any of the CloudWatch functionality. So giving our deployment user CreateRole/GetRole is too broad.
I am considering creating a PR where either 1) the functionality can be manually turned off through the
stageSettingsor 2) the cloudwatch permissions are only required if certainMethodSettingsthat rely on it are manipulated.Happy to contribute. Currently leaning towards the second implementation as this means less configuration for the end-user.
Wondering your thoughts if you're continuing to maintain this plugin.