sst
customize-the-serverless-iam-policy.md - suggestions
under "An advanced IAM Policy template", recommending the following updates
- update (twice)
Why: PATCH is needed for any deployment after the first one
"apigateway:GET",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"
to
"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"
- update
WHY: ensure code only has access to S3 permissions within project; create, update, delete, list
"arn:aws:s3:::*"
to
"arn:aws:s3:::<service_name>*"
- update
WHY: ensure code only has access to S3 permissions within project; upload
"arn:aws:s3:::*/*"
to
"arn:aws:s3:::<service_name>*/*"
Yeah these make sense. Do you mind editing the chapter and submitting a PR?
Jay: sure, no problem. Looking at your CONTRIBUTING.md, don't see if there is a branching naming convention, or steps to properly submit a PR. Is there any? if so, can you please point me to it?
For this case you can simply edit this chapter through the GitHub web interface and submit a PR. Does that make sense?
already done, and PR has already been merged
cheers
Lior
On Sun, Mar 8, 2020 at 5:53 PM Jay V [email protected] wrote:
For this case you can simply edit this chapter through the GitHub web interface and submit a PR. Does that make sense?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/AnomalyInnovations/serverless-stack-com/issues/439?email_source=notifications&email_token=AGJLHEGRLCWCKZI2RCEHDKDRGQOXLA5CNFSM4KOUKAR2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEOFCT5Y#issuecomment-596257271, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGJLHEC54PHEN42LRCLYBBDRGQOXLANCNFSM4KOUKARQ .