Minimal IAM Policy for deploying from CI

Open kevinsimper opened this issue 6 years ago • 2 comments

What would be the minimal IAM policy for deploying? I know the policy on the website, but that also has access to EC2 and is quite broad. For example, I would not need to control a domain from there.

Like it would be a role that you could put on Travis-CI and not worry about them deleting your EC2 instances.

I tried deleting everything other than Lambda, API Gateway and S3, but then I began to see that it accesses IAM during a deploy. Couldn't it avoid that theoretically?

Would it only need access to Lambda and API Gateway?

kevinsimper, May 21 '18 23:05

I'll try and get this together soon! It's pretty generalized right now just to avoid forcing people to update it frequently, but I'll try and tighten the requirements up, and a "deploy only" policy.

tj, May 22 '18 17:05

Might want to close this as a duplicate of #148

Prinzhorn, Jun 09 '18 15:06
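
Added example (not part of the issue thread and not Up's own code): one way to check a candidate CI policy against the scope the question asks for, by listing every Allow grant outside Lambda, API Gateway, S3 and IAM. The sample policy and the allowlist are constructed assumptions, not the policy published in the Up documentation.

```python
import json

# Services the question wants a CI deploy role limited to, plus IAM, which the
# poster saw being accessed during a deploy (assumed allowlist, adjust to taste).
DEPLOY_SERVICES = {"lambda", "apigateway", "s3", "iam"}

# Constructed sample policy for illustration; NOT the policy from the Up docs.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["lambda:*", "apigateway:*", "s3:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:*", "route53:*", "route53domains:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}
  ]
}
""")

def as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit(policy, allowed=DEPLOY_SERVICES):
    """Return sorted findings for Allow statements that exceed `allowed`."""
    findings = set()
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant access
        if "NotAction" in stmt:
            findings.add("NotAction: allows every action except those listed")
        for action in as_list(stmt.get("Action")):
            service = action.split(":", 1)[0].lower()
            if action == "*":
                findings.add("*: allows every action in every service")
            elif service not in allowed:
                findings.add(f"{service}: outside deploy allowlist ({action})")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
```

The audit only looks at service prefixes; wildcards inside an allowed service (such as `iam:*`) and broad `Resource` values still need a manual review.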