django-eb-sqs-worker

IAM Role permissions

Open melvyn-apryl opened this issue 3 years ago • 1 comments

Could you document what minimum permissions are needed for the role set in the settings file?

I'm currently going with AdministratorAccess-AWSElasticBeanstalk, but I think it's too permissive.

melvyn-apryl, May 23 '21 16:05

Looking at the code, it needs the ability to read/write to queues and to create them. The corresponding managed policy for this is arn:aws:iam::aws:policy/AmazonSQSFullAccess.

Now, if you want proper security and also have django-storages, you are now faced with the problem that both packages use the same settings keys for the credentials. Since django-storages is much older, it would be prudent to either wrap the settings in their own dict (like many other packages do), or keep using the AWS_EB prefix for all settings. I prefer the first as it eliminates name conflicts quite effectively.

melvyn-apryl, May 24 '21 07:05
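For readers who want something narrower than the managed policy named in the thread, the following is an added example, not code from the issue or from django-eb-sqs-worker. It builds an SQS policy scoped to a queue-name prefix and flags wildcard statements such as those in AmazonSQSFullAccess. The action list is an assumption derived from "read/write to queues and to create them", and the region, account ID and prefix are constructed placeholders.

```python
import json

# Assumption: "read/write to queues and to create them" maps to these SQS actions.
# Confirm against the API calls your deployment actually makes (e.g. in CloudTrail).
ASSUMED_ACTIONS = [
    "sqs:CreateQueue",
    "sqs:GetQueueUrl",
    "sqs:GetQueueAttributes",
    "sqs:SendMessage",
    "sqs:ReceiveMessage",
    "sqs:DeleteMessage",
]

def scoped_sqs_policy(region, account_id, queue_prefix):
    """Build a policy limited to queues whose names start with queue_prefix."""
    arn = f"arn:aws:sqs:{region}:{account_id}:{queue_prefix}*"
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": ASSUMED_ACTIONS, "Resource": arn}],
    }

def _as_list(value):
    # IAM allows Action/Resource/Statement to be a single value or a list.
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return Allow statements that use a wildcard action or an unscoped resource."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        wild_action = any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", [])))
        wild_resource = any(r == "*" for r in _as_list(stmt.get("Resource", [])))
        if wild_action or wild_resource:
            findings.append(stmt)
    return findings

# Shape of the AmazonSQSFullAccess managed policy: every SQS action on every resource.
FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["sqs:*"], "Resource": "*"}],
}

if __name__ == "__main__":
    # Constructed sample values: placeholder region, account ID and queue prefix.
    policy = scoped_sqs_policy("eu-west-1", "111122223333", "myapp-")
    print(json.dumps(policy, indent=2))
    print("broad statements, scoped:", len(broad_statements(policy)))
    print("broad statements, full access:", len(broad_statements(FULL_ACCESS)))
```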