parser-api icon indicating copy to clipboard operation
parser-api copied to clipboard

Published 20 hours ago • verified publisher icon postlight

Might be helpful to link to sample/suggested AWS IAM permissions for deploy

Open jeffehobbs opened this issue 5 years ago • 6 comments

Ran through an AWS lambda install this morning -- flawless, and worked great, right out of the box. Kudos for providing such a smooth path for transition for your users. Highly appreciated.

The one place I did get stuck for a while was setting the specific IAM/cloudformation permissions within the AWS console -- this took several tries to get right. It would be helpful to state (or link to) a sample of what the permissions required for AWS deploy are for this project.

jeffehobbs avatar Mar 08 '19 18:03 jeffehobbs

I also had problem with that and eventually gave up and deployed using the root account access keys.

Muffo avatar Mar 20 '19 04:03 Muffo

... which ones did you end up setting? @jeffehobbs

heyalexchoi avatar Mar 24 '19 03:03 heyalexchoi

Agree with this. Not entirely sure what permissions I've granted at this point...

mkiser avatar Apr 01 '19 23:04 mkiser

It's IAM. You can follow the guide on how to set up the credentials here: https://serverless.com/framework/docs/providers/aws/guide/credentials#creating-aws-access-keys

All the permissions are listed there. Once serverless is setup with aws credentials, this migration is a breeze.

tanushshukla avatar Apr 02 '19 09:04 tanushshukla

Dropped this into https://github.com/postlight/mercury-parser-api/pull/12 to help others.

mkiser avatar Apr 02 '19 17:04 mkiser

I had to create a user with custom permissions for CloudFormation execution functions. Added a custom policy and used this json code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:ListStacks",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ValidateTemplate",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet",
                "cloudformation:GetTemplateSummary"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

joelrojo avatar Apr 19 '19 16:04 joelrojo