mrserverless / serverless-golang

AWS Lambda Go functions using Serverless Framework and Python shim

Narrow down Kinesis example IAM role permissions #26

Closed mrserverless closed 6 years ago

mrserverless commented 7 years ago

Current permissions are too open: https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14

Provide more realistic and production-ready permissions.

kmarquardsen commented 6 years ago

I was looking at https://github.com/puresec/serverless-puresec-cli for this case

mrserverless commented 6 years ago

For now I'm going to just stick to the out-of-the-box IAM role generation from serverless.yml. Of course, any external plugins should also work.

Updated the Kinesis example to have more granular permissions: https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14-L19

  iamRoleStatements:
      - Effect: "Allow"
        Resource: ${env:AWS_KINESIS_ARN}
        Action:
          - "kinesis:GetRecords"
          - "kinesis:GetShardIterator"
          - "kinesis:DescribeStream"
          - "kinesis:ListStreams"
          - "kinesis:PutRecord"
          - "kinesis:PutRecords"
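
The following is an added example, not part of the original thread or the project's code: a small Python check for Kinesis `iamRoleStatements` that flags wildcard actions, `Resource: "*"` on actions that can be scoped to a stream, and `kinesis:ListStreams` attached to a stream ARN (that action does not support resource-level permissions). The stream ARN, the "too open" statement, and the function names are constructed for illustration.

```python
# Added example: lint Serverless iamRoleStatements (as parsed dicts) for Kinesis.
# kinesis:ListStreams does not support resource-level permissions, so it is
# only granted by a statement whose Resource is "*".
ACCOUNT_LEVEL_ACTIONS = {"kinesis:ListStreams"}

# Constructed placeholder for the value of ${env:AWS_KINESIS_ARN}.
STREAM_ARN = "arn:aws:kinesis:us-east-1:123456789012:stream/example-stream"


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_statement(stmt):
    """Return least-privilege findings for one statement (empty list = clean)."""
    if stmt.get("Effect") != "Allow":
        return []
    actions, resources = as_list(stmt["Action"]), as_list(stmt["Resource"])
    findings = [f"wildcard action: {a}" for a in actions if "*" in a]
    scopable = [a for a in actions if a not in ACCOUNT_LEVEL_ACTIONS]
    if "*" in resources:
        if scopable:
            findings.append("Resource '*' covers every stream for: " + ", ".join(scopable))
    else:
        findings += [f"{a} is not granted by a stream ARN; give it its own "
                     "statement with Resource '*'"
                     for a in actions if a in ACCOUNT_LEVEL_ACTIONS]
    return findings


# Constructed "too open" statement (not the repository's original policy).
TOO_OPEN = {"Effect": "Allow", "Action": "kinesis:*", "Resource": "*"}

# The updated statement from the comment above, with the constructed ARN.
UPDATED = {"Effect": "Allow", "Resource": STREAM_ARN, "Action": [
    "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:DescribeStream",
    "kinesis:ListStreams", "kinesis:PutRecord", "kinesis:PutRecords"]}

# Same actions, split so each statement uses the narrowest resource it can.
SPLIT = [
    {"Effect": "Allow", "Resource": STREAM_ARN,
     "Action": [a for a in UPDATED["Action"] if a not in ACCOUNT_LEVEL_ACTIONS]},
    {"Effect": "Allow", "Resource": "*", "Action": "kinesis:ListStreams"},
]

if __name__ == "__main__":
    for name, stmts in [("too open", [TOO_OPEN]), ("updated", [UPDATED]), ("split", SPLIT)]:
        for stmt in stmts:
            print(name, audit_statement(stmt) or "ok")
```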