search

remind101 / stacker_blueprints

DEPRECATED - moved to:
https://github.com/cloudtools/stacker_blueprints
BSD 2-Clause "Simplified" License
39 stars 53 forks source link

Blueprint for ec2 roles #103

Open aarcro opened 7 years ago

aarcro commented 7 years ago

I was going to create an s3 stack, but I don't see how to create the role that setting ReadWriteRoles would add a policy to.

I can work on a PR for this. Does it make more sense to have a blueprint that creates a bunch of ec2 and/or lambda roles, or just a single one.

phobologic commented 7 years ago

I think this is mainly up to how people want to implement this. Here at Remind, for example, we have a blueprint "per application" that handles a lot of the common setup for those applications, including setting up a Role and some default permissions (we let most apps do anything with any dynamodb tables named after the environment + app name, etc).

A simple role creation blueprint should be really easy with TroposphereTypes btw, similar to how we build the s3 bucket blueprint.

aarcro commented 7 years ago

Are there any examples of these "per application" blueprints? I looked at Empire here a bit, but it was all methods that didn't do anything. I suppose that's something of a skeleton.

Maybe doc that kind of workflow at least.