List of required IAM permissions to `apply`

Question

List of required IAM permissions to `apply`

mbattifarano opened this issue 8 years ago · 3 comments

It'd be great if the docs listed the minimum set of aws permissions needed to run gordon apply. The permission I eventually got to work are:

iam:*
s3:*
cloudformation:*
lambda:*

I'm happy to open a PR to update the docs, but I wanted to get some feedback on the list. In particular, if any of the permissions can be more specific.

Answer 1 · 2017-03-09T22:23:48.000Z

Agreed. Great idea to add to docs - assuming that is all that is needed.

Answer 2 · 2017-08-18T11:17:36.000Z

A minimal permission set would be very helpful. For example, iam:* is excessively broad: it allows creating users, adding users to groups, changing passwords etc.

Answer 3 · 2017-09-20T19:56:24.000Z

There is some excellent work in this area at serverless/serverless#1439