chalice
documentation for policy.json
Hello, thanks for the job you've done! Chalice is a very easy framework for newcomers and Flask developers.
I've been learning the framework for only 2 weeks and regularly get errors related to AWS policies. The official content about the policies is minimal. And auto-policy can't do this job the right way if you want to add more than just a 'hello world' function.
Running chalice gen-policy (chalice==1.13.1) returns only:
{
"Version": "2012-10-17",
"Statement": []
}
It absolutely doesn't help me in setting up the policy of an application that is already using DynamoDB, SNS and S3.
Is there extended documentation describing policy.json, or examples for regular cases, a list of actions and values?
There's some info about policy generation here: https://chalice.readthedocs.io/en/latest/quickstart.html#tutorial-policy-generation, as well as more information about config values here: https://chalice.readthedocs.io/en/latest/topics/configfile.html. Do you think a separate doc page all about IAM policy generation options would be helpful?
@jamesls Thanks, but I've checked the links before. The section "Manually Providing Policies" provides info, but not enough. It would be helpful to expand this section with:
- a list of available actions of supported Amazon services for manually providing policies;
- a little bit more about the available keys and values of policy.json;
- more examples of how to provide a policy in popular cases: retrieving data from DynamoDB, subscribing to SNS notifications, etc.
@jamesls, this is an old thread but it would help me too. For example, I am running into some errors while providing a custom policy. It would help to have a baseline policy for the role you will be creating so that we can add it to our custom policy.
"An error occurred (InvalidParameterValueException) when calling the CreateFunction operation: The provided execution role does not have permissions to call CreateNetworkInterface on EC2"
Just to add, I managed to fix the problem with the help of this. Things are different inside a VPC than outside. It would be great to have a tutorial devoted to making things work OK inside a VPC.
https://stackoverflow.com/questions/41177965/aws-lambdathe-provided-execution-role-does-not-have-permissions-to-call-describ
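The two requests in this thread (a worked policy.json for a function that uses DynamoDB, SNS and S3, and a baseline that covers the VPC case behind the CreateNetworkInterface error) are served by the following added example. It is not Chalice's code and not code from anyone in the thread; it builds the policy document in Python so the statements are named, deduplicated and linted before being written out. The account ID, region, table, topic and bucket names are placeholders (assumptions), and the EC2 statement carries the three network-interface actions the execution role needs once the function is attached to subnets.

```python
"""Build and lint a hand-written Chalice policy document.

Added example, not code from Chalice or from anyone in this thread. It produces
the kind of policy.json the thread asks for: CloudWatch Logs (every Lambda needs
it), read access to one DynamoDB table, publish to one SNS topic, read/write on
one S3 bucket, and, when the function runs inside a VPC, the EC2 network-interface
permissions whose absence causes the CreateFunction error quoted above.
Account, region, table, topic and bucket names are placeholders (assumptions).
"""
import json
from typing import Dict, List, Union

# Placeholder identifiers (assumptions); substitute your own.
ACCOUNT = "123456789012"
REGION = "us-east-1"
TABLE = "orders"
TOPIC = "order-events"
BUCKET = "example-order-exports"

Resource = Union[str, List[str]]


def statement(sid: str, actions: List[str], resource: Resource) -> Dict:
    """One Allow statement with deduplicated, sorted actions (stable diffs in git)."""
    return {"Sid": sid, "Effect": "Allow", "Action": sorted(set(actions)), "Resource": resource}


def logging_statement() -> Dict:
    # Baseline every Lambda execution role needs in order to write to CloudWatch Logs.
    return statement(
        "CloudWatchLogs",
        ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
        f"arn:aws:logs:{REGION}:{ACCOUNT}:*",
    )


def vpc_statement() -> Dict:
    # Needed only when the function is attached to subnets/security groups:
    # Lambda creates and tears down ENIs on the role's behalf. These actions
    # cannot be scoped to a specific ENI here, so Resource must be "*".
    return statement(
        "VpcNetworking",
        ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface"],
        "*",
    )


def dynamodb_read(table: str) -> Dict:
    arn = f"arn:aws:dynamodb:{REGION}:{ACCOUNT}:table/{table}"
    # Include the table's indexes so Query against a GSI/LSI works as well.
    return statement(
        "DynamoDBRead",
        ["dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query"],
        [arn, f"{arn}/index/*"],
    )


def sns_publish(topic: str) -> Dict:
    return statement("SnsPublish", ["sns:Publish"], f"arn:aws:sns:{REGION}:{ACCOUNT}:{topic}")


def s3_read_write(bucket: str) -> List[Dict]:
    # ListBucket matches the bucket ARN; object actions match the bucket/* ARN.
    return [
        statement("S3List", ["s3:ListBucket"], f"arn:aws:s3:::{bucket}"),
        statement("S3Objects", ["s3:GetObject", "s3:PutObject"], f"arn:aws:s3:::{bucket}/*"),
    ]


def build_policy(in_vpc: bool) -> Dict:
    statements = [logging_statement(), dynamodb_read(TABLE), sns_publish(TOPIC), *s3_read_write(BUCKET)]
    if in_vpc:
        statements.append(vpc_statement())
    return {"Version": "2012-10-17", "Statement": statements}


def lint_policy(policy: Dict) -> List[str]:
    """Return least-privilege violations: duplicate Sids, wildcard actions,
    and Resource "*" anywhere except the ENI statement that cannot be scoped."""
    problems: List[str] = []
    sids = [s["Sid"] for s in policy["Statement"]]
    if len(sids) != len(set(sids)):
        problems.append("duplicate Sid")
    for s in policy["Statement"]:
        for action in s["Action"]:
            if action == "*" or action.endswith(":*"):
                problems.append(f"{s['Sid']}: wildcard action {action}")
        if s["Resource"] == "*" and s["Sid"] != "VpcNetworking":
            problems.append(f"{s['Sid']}: unscoped Resource")
    return problems


def render(policy: Dict) -> str:
    """JSON text ready to save as .chalice/policy-<stage>.json."""
    return json.dumps(policy, indent=2) + "\n"


if __name__ == "__main__":
    doc = build_policy(in_vpc=True)
    assert not lint_policy(doc), lint_policy(doc)
    print(render(doc))
```

To use the output with Chalice, set "autogen_policy": false for the stage in .chalice/config.json and save the rendered JSON as .chalice/policy-dev.json (for the dev stage; point iam_policy_file at a different name if you prefer), then run chalice deploy. Pass in_vpc=False for a function without subnets so the role does not carry EC2 permissions it never needs.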