mweagle / Sparta

go microservices, powered by AWS Lambda
https://gosparta.io
MIT License

Minimum AWS policies/permissions required? #71

Closed 0xdevalias closed 6 years ago

0xdevalias commented 7 years ago

Couldn't find this when I was skimming through the docs again today, but may have just missed it. So far I have the following (and maybe some other S3 stuff already on my user), but it would be nice to have a canonical "this is all the things you need in a secure way"

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1505975332000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:*"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1505975350000",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:DeleteRole",
                "iam:DeleteRolePolicy",
                "iam:PutRolePolicy"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

mweagle commented 7 years ago

Agreed - I'm not sure that's very well documented (if at all). I'll add a FAQ entry with the minimum policy to provision as part of revamping the docs for the 0.20.0 release.

mweagle commented 6 years ago

Finally got around to updating the FAQ with this: http://gosparta.io/docs/faq/

Thanks for the feedback.
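
An audit of the policy posted in the first comment, added here as an example and not taken from the thread or the Sparta project. It flags Allow statements that use wildcard actions, `Resource: "*"` without a Condition, and IAM role-modifying actions on any resource; the finding codes and the verb list in `IAM_WRITE_VERBS` are assumptions of this example.

```python
import json

# Policy from the first comment in this thread, compacted onto fewer lines.
POSTED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Stmt1505975332000", "Effect": "Allow",
   "Action": ["cloudformation:*"], "Resource": ["*"]},
  {"Sid": "Stmt1505975350000", "Effect": "Allow",
   "Action": ["iam:GetRole", "iam:DeleteRole", "iam:DeleteRolePolicy",
              "iam:PutRolePolicy"], "Resource": ["*"]}
]}
""")

# Assumption: IAM actions starting with these verbs change roles or policies.
IAM_WRITE_VERBS = ("put", "delete", "attach", "detach", "create", "update", "pass")


def as_list(value):
    """IAM lets Statement/Action/Resource be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy):
    """Return (sid, code, detail) findings for broad Allow statements."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        actions = as_list(stmt.get("Action", []))
        any_resource = "*" in as_list(stmt.get("Resource", []))
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NEGATED_ELEMENT", "Allow with NotAction/NotResource"))
        for action in actions:
            service, _, name = action.partition(":")
            if "*" in action:
                findings.append((sid, "WILDCARD_ACTION", action))
            elif (any_resource and service.lower() == "iam"
                  and name.lower().startswith(IAM_WRITE_VERBS)):
                findings.append((sid, "IAM_WRITE_ANY_RESOURCE", action))
        if any_resource and not stmt.get("Condition"):
            findings.append((sid, "UNSCOPED_RESOURCE", "Resource * with no Condition"))
    return findings


if __name__ == "__main__":
    for finding in audit_policy(POSTED_POLICY):
        print(*finding, sep="\t")
```

Each finding marks a place where the statement could be narrowed to specific actions or resource ARNs once the deployment's actual needs are known.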