mludvig / aws-ethereum-miner

CloudFormation template for mining Ethereum crypto currency on AWS
267 stars 152 forks

Which IAM role permissions should we use to run the stack? #37

Closed Iviglious closed 2 years ago

Iviglious commented 2 years ago

Hi,

I tried to run your stack using a CloudFormation IAM role, but it fails at the beginning with permission errors:

The following resource(s) failed to create: [LambdaExecutionRole, InstanceRole, NotificationTopic]. Rollback requested by user.

AWSCloudFormation is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::5****07:role/ethminerA-LambdaExecutionRole-KV***

AWSCloudFormation is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::5****07:role/ethminerA-InstanceRole-Q5***

AWSCloudFormation is not authorized to perform: SNS:CreateTopic on resource: arn:aws:sns:us-east-1:5****07:ethminerA-NotificationTopic-XE*** because no identity-based policy allows the SNS:CreateTopic action

Looks like the IAM role should have some additional permissions for more services. If possible, please paste in your repo and add to the README the policy/role JSON you use.

Thanks!

mludvig commented 2 years ago

What permissions does the AWSCloudFormation role have?

Add at least these two and try again: iam:CreateRole and sns:CreateTopic

It may fail with more as it progresses. I’ve deployed with more of an Admin role, so I never had to sort through the detailed permissions.
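An added example, not code from the repository or from either commenter: one way to turn the "not authorized to perform" reasons reported in CloudFormation stack events into a policy for the service role that is scoped to the stack's own resource names, instead of falling back to an admin role. The sample messages are constructed from the errors quoted above with a placeholder account ID and suffixes, and the function names are hypothetical.

```python
import json
import re

# Constructed sample status reasons, modeled on the errors quoted in the issue
# (placeholder account ID 123456789012 and made-up resource suffixes).
SAMPLE_EVENTS = [
    "AWSCloudFormation is not authorized to perform: iam:CreateRole on resource: "
    "arn:aws:iam::123456789012:role/ethminerA-LambdaExecutionRole-KVEXAMPLE1",
    "AWSCloudFormation is not authorized to perform: iam:CreateRole on resource: "
    "arn:aws:iam::123456789012:role/ethminerA-InstanceRole-Q5EXAMPLE2",
    "AWSCloudFormation is not authorized to perform: SNS:CreateTopic on resource: "
    "arn:aws:sns:us-east-1:123456789012:ethminerA-NotificationTopic-XEEXAMPLE3 "
    "because no identity-based policy allows the SNS:CreateTopic action",
    "Resource creation cancelled",  # not a permission error; must be ignored
]

DENIED = re.compile(
    r"not authorized to perform: (?P<action>[\w-]+:\w+) on resource: (?P<arn>arn:\S+)"
)

def scope_to_stack(arn, stack_name):
    """Replace the generated '<stack>-<LogicalId>-<suffix>' name with '<stack>-*'."""
    head, sep, _ = arn.partition(stack_name + "-")
    return head + stack_name + "-*" if sep else arn

def build_policy(messages, stack_name):
    """Collect denied actions and emit one Allow statement per action."""
    grants = {}
    for msg in messages:
        m = DENIED.search(msg)
        if not m:
            continue
        service, _, operation = m.group("action").partition(":")
        action = f"{service.lower()}:{operation}"  # IAM action names are case-insensitive
        grants.setdefault(action, set()).add(scope_to_stack(m.group("arn"), stack_name))
    statements = [
        {"Effect": "Allow", "Action": action, "Resource": sorted(resources)}
        for action, resources in sorted(grants.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_EVENTS, "ethminerA"), indent=2))
```

Each failed deployment only reveals the denials it reached, so the output grows over several runs; review every action before granting it, since `iam:CreateRole` in particular lets the service role create new roles.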