serverless-api-stage icon indicating copy to clipboard operation
serverless-api-stage copied to clipboard

Published 20 hours ago verified publisher icon leftclickben

Cannot use without CreateRole/GetRole permission

Open etgrieco opened this issue 6 years ago • 1 comments

I think this plugin is very useful for manipulating stage variables. However, I don't want my ability to easily handle stage variabels in serverless.yml to come at the expense of adding unnecessary permissions to my AWS deployment user.

In my institution's case, we would only like to be able to control the API caching variables and don't need to touch any of the CloudWatch functionality. So giving our deployment user CreateRole/GetRole is too broad.

I am considering creating a PR where either 1) the functionality can be manually turned off through the stageSettings or 2) the cloudwatch permissions are only required if certain MethodSettings that rely on it are manipulated.

Happy to contribute. Currently leaning towards the second implementation as this means less configuration for the end-user.

Wondering your thoughts if you're continuing to maintain this plugin.

etgrieco avatar Jun 06 '18 20:06 etgrieco

FYI @etgrieco https://github.com/leftclickben/serverless-api-stage/pull/17/files

leftclickben avatar Jul 04 '18 16:07 leftclickben