alexa-cookbook icon indicating copy to clipboard operation
alexa-cookbook copied to clipboard
verified publisher icon alexa

Sample Permissions in ReadMe?

Open roschler opened this issue 6 years ago • 1 comments

PREFACE: The readme for the Proactive Events demo says to clone the repository. But then you have the user make changes to various files in the source tree. Shouldn't the user fork the repo instead? If not that, after cloning, checkout to a new branch? Otherwise their changes will cause merge conflicts or get clobbered if they perform a future pull. Or am I missing something here?

ADD PERMISSIONS EXAMPLE(S)

Unless the Proactive Events demo is meant to be used only by experienced AWS console admins (aka DevOps/Admin types), you really need to add a section with instructions on how to create a user and a role that can effectively execute deploy.sh without hours of pain. I assume you don't want prospective users to deploy it with full admin privileges just to get the demo working.

I had to through go several iterations of deployment fails as I discovered empirically what permissions the user I created via the IAM panel needed to deploy the demo. Each iteration included one or more stuck stack deletions and other anomalies. In the end. I had to assign the following permission policies to the user I created to successfully deploy the demo:

Attached directly

AWSLambdaFullAccess AmazonDynamoDBFullAccess AWSCloudFormationFullAccess

Inline Policies (Direct entry via JSON editor)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1469200763880",
            "Action": [
                "iam:AttachRolePolicy",
                "iam:CreateRole",
                "iam:PutRole",
                "iam:PutRolePolicy"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

The JSON above was necessary to stop the askLambdaFunctionRole step from failing repeatedly.

Also, a quick accompanying section on how to set up AWS credentials would save users a lot of confusion too. For example, I could not get the AWS region to change whenever I ran aws configure to update the configuration values. I would change that value several times and it always reverted to us-west-2. It turned out that value was in a credentials file in the .aws directory and that apparently has priority over the config file in the .aws directory.

ALLOW NOTIFICATIONS

The readme says to go to the Alexa developer console and open the PingMe skill to set notifications. But I don't believe you can do it there because there is no such setting in the skill Permissions page. Instead, I had to go to the Alexa app on my phone, left swipe to get to Skills & Games, choose the Dev list, and then enable notifications for the PingMe skill from there.

roschler avatar Nov 09 '19 03:11 roschler

Thanks Roschler for raising this!

JoeMoCode avatar Sep 18 '20 16:09 JoeMoCode