Minimal IAM Policy for deploying from CI
What would be the minimal IAM Policy for deploying? I know the policy on the website, but that also has access to EC2 and is quite broad. For example, I would not need to control a domain from there.
Like it would be a role that you could put on Travis-CI and not worry about them deleting your EC2 instances.
I tried deleting everything other than Lambda, API Gateway and S3, but then I began to see that it accesses IAM during a deploy. Couldn't it avoid that, theoretically?
Would it only need access to Lambda and API Gateway?
I'll try and get this together soon! It's pretty generalized right now, just to avoid forcing people to update it frequently, but I'll try and tighten the requirements up, and a "deploy only" policy.
Might want to close this as a duplicate of #148