Closed mrserverless closed 6 years ago
I was looking at https://github.com/puresec/serverless-puresec-cli for this case
For now I'm going to just stick to the out of box iam role generation from serverless.yml. Of course any external plugins should also work
Updated the Kinesis example to have more granular permissions: https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14-L19
iamRoleStatements:
- Effect: "Allow"
Resource: ${env:AWS_KINESIS_ARN}
Action:
- "kinesis:GetRecords"
- "kinesis:GetShardIterator"
- "kinesis:DescribeStream"
- "kinesis:ListStreams"
- "kinesis:PutRecord"
- "kinesis:PutRecords"
Current permission are too open https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14
Provide more realistic and production ready permissions.