mrserverless/serverless-golang

Narrow down Kinesis example IAM role permissions

mrserverless opened this issue · 2 comments

Current permissions are too open: https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14

Provide more realistic and production ready permissions.

For now I'm going to just stick to the out-of-the-box IAM role generation from serverless.yml. Of course, any external plugins should also work.

Updated the Kinesis example to have more granular permissions: https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14-L19

```yaml
  iamRoleStatements:
    - Effect: "Allow"
      Resource: ${env:AWS_KINESIS_ARN}
      Action:
        - "kinesis:GetRecords"
        - "kinesis:GetShardIterator"
        - "kinesis:DescribeStream"
        - "kinesis:ListStreams"
        - "kinesis:PutRecord"
        - "kinesis:PutRecords"
```
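A check of this kind can be automated. The following is an added example, not part of the thread or of the serverless-golang repository: a small linter over parsed `iamRoleStatements` entries that flags wildcard grants and actions that cannot be scoped to a stream ARN. The function names, the `ACCOUNT_LEVEL` set and the `OPEN` sample statement are assumptions made for the illustration.

```python
# Added example, not from the serverless-golang repository.
# Actions IAM only grants when Resource is "*" because they have no
# resource-level permissions. Assumption: this short set covers the example.
ACCOUNT_LEVEL = {"kinesis:liststreams"}


def as_list(value):
    """Action and Resource may each be a single value or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def lint_statement(stmt):
    """Return findings for one iamRoleStatements entry (a parsed dict)."""
    if stmt.get("Effect") != "Allow":
        return []
    actions = [str(a) for a in as_list(stmt.get("Action"))]
    resources = as_list(stmt.get("Resource"))
    any_resource = "*" in resources
    findings = []
    for action in actions:
        account_level = action.lower() in ACCOUNT_LEVEL
        if "*" in action:
            findings.append(f"wildcard action {action}")
        elif any_resource and not account_level:
            findings.append(f"{action} allowed on every resource")
        elif account_level and not any_resource:
            findings.append(f"{action} needs Resource '*' to take effect")
    return findings


# Constructed "too open" statement, for contrast only.
OPEN = {"Effect": "Allow", "Action": "kinesis:*", "Resource": "*"}

# The narrowed statement quoted in the thread above.
NARROWED = {
    "Effect": "Allow",
    "Resource": "${env:AWS_KINESIS_ARN}",
    "Action": [
        "kinesis:GetRecords", "kinesis:GetShardIterator",
        "kinesis:DescribeStream", "kinesis:ListStreams",
        "kinesis:PutRecord", "kinesis:PutRecords",
    ],
}

if __name__ == "__main__":
    for name, stmt in (("open", OPEN), ("narrowed", NARROWED)):
        for finding in lint_statement(stmt):
            print(f"{name}: {finding}")
```

`kinesis:ListStreams` has no resource-level permissions, so a statement that pairs it with a stream ARN does not grant it; if the function needs that call, it belongs in a separate statement with `Resource: "*"`.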