Hello, how are you? I am creating this pull request to change your application, so each service defined in .vtex/deployment.json has their own IAM role.
This is the initial step for creating a role for our beanstalk applications, here at VTEX. The next step is to edit each role, so that each service has the least privilege that it needs to run.
What is an IAM Role?
An IAM role defines what privileges an app has when interacting with cloud resources (such as S3 objects, SQS queues, SNS objects and so on).
Today, every app receives a general role, which has far more privileges than it needs.
Setting application's IAM Role
Hello, how are you? I am creating this pull request to change your application, so each service defined in
.vtex/deployment.jsonhas their own IAM role. This is the initial step for creating a role for our beanstalk applications, here at VTEX. The next step is to edit each role, so that each service has the least privilege that it needs to run.What is an IAM Role?
An IAM role defines what privileges an app has when interacting with cloud resources (such as S3 objects, SQS queues, SNS objects and so on). Today, every app receives a general role, which has far more privileges than it needs.
Where is my role defined?
Each service has it own roles:
We have documented the process for creating/editing this file here.
I have more questions
You can contact us at
#trusthubin Slack.