Might be helpful to link to sample/suggested AWS IAM permissions for deploy

postlight / parser-api

🚀 A drop-in replacement for the Postlight Parser API.

https://reader.postlight.com/

Apache License 2.0

282 stars 113 forks source link

Might be helpful to link to sample/suggested AWS IAM permissions for deploy #9

Open jeffehobbs opened 5 years ago

jeffehobbs commented 5 years ago

Ran through an AWS lambda install this morning -- flawless, and worked great, right out of the box. Kudos for providing such a smooth path for transition for your users. Highly appreciated.

The one place I did get stuck for a while was setting the specific IAM/cloudformation permissions within the AWS console -- this took several tries to get right. It would be helpful to state (or link to) a sample of what the permissions required for AWS deploy are for this project.

Muffo commented 5 years ago

I also had problem with that and eventually gave up and deployed using the root account access keys.

heyalexchoi commented 5 years ago

... which ones did you end up setting? @jeffehobbs

mkiser commented 5 years ago

Agree with this. Not entirely sure what permissions I've granted at this point...

tanushshukla commented 5 years ago

It's IAM. You can follow the guide on how to set up the credentials here: https://serverless.com/framework/docs/providers/aws/guide/credentials#creating-aws-access-keys

All the permissions are listed there. Once serverless is setup with aws credentials, this migration is a breeze.

mkiser commented 5 years ago

Dropped this into https://github.com/postlight/mercury-parser-api/pull/12 to help others.

joelrojo commented 5 years ago

I had to create a user with custom permissions for CloudFormation execution functions. Added a custom policy and used this json code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:ListStacks",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ValidateTemplate",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet",
                "cloudformation:GetTemplateSummary"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}