Open aarcro opened 7 years ago
I think this is mainly up to how people want to implement this. Here at Remind, for example, we have a blueprint "per application" that handles a lot of the common setup for those applications, including setting up a Role and some default permissions (we let most apps do anything with any dynamodb tables named after the environment + app name, etc).
A simple role creation blueprint should be really easy with TroposphereTypes btw, similar to how we build the s3 bucket blueprint.
Are there any examples of these "per application" blueprints? I looked at Empire here a bit, but it was all methods that didn't do anything. I suppose that's something of a skeleton.
Maybe doc that kind of workflow at least.
I was going to create an s3 stack, but I don't see how to create the role that setting ReadWriteRoles would add a policy to.
I can work on a PR for this. Does it make more sense to have a blueprint that creates a bunch of ec2 and/or lambda roles, or just a single one.