search

sst / ion

❍ — a new engine for SST
https://ion.sst.dev
MIT License
1.09k stars 129 forks source link

getSSTAWSPermissions doesn't let you set `sts:AssumeRole` #383

Closed ryanleecode closed 1 month ago

ryanleecode commented 1 month ago

To generate a long lived S3 presigned url, you need to create a separate IAM role with a long life span and give the lambda function (or whatever), sts:AssumeRole permissions to assume this role and generate a presigned url.

getSSTAWSPermissions only lets you pass in resources which I don't think works in this case because this is what the permission looks like for assume role:

{
    Effect: 'Allow',
    Principal: { Service: 'some arn' },
    Action: 'sts:AssumeRole',
},
ryanleecode commented 1 month ago

actually this is completely wrong