Creation process of IAM template under-permissioned for DynamoDB and CloudWatch
Closed this issue · 4 comments
I've added a bunch of scripts that help with my development workflow.
How to use these scripts
- Create IAM Role for Lambda
- Upload function
- Create Kinesis stream and Lambda event source
- start inv generate events
For example on step 1
$ bash create_role.sh
For example on step 2
$ bash upload_function.sh
Summary of Issue
I'm not understanding the template. It's basic JSON, and I tried putting DynamoDB and CloudWatch into the template but failed.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html
I have manually provisioned an admin and attached the policy to the exec role that gets created.
Terrible. So DynamoDB and CloudWatch fail silently due to permissioning errors with the default template,
and never show up on my CloudWatch below:
https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logs
Hey @bigsnarfdude - does the IAM policy fail if you attempt to attach it in the UI as well? Or just at the CLI?
- I can create the IAM role and basic exec policy (ends up allowing Lambda to read Kinesis, but CloudWatch and DynamoDB can't write logs because of permissions)
- My workaround for the permissions issues is that I manually attach an admin policy to the role via the IAM console.
- Rerun "inv generate_events" and Lambda happily processes. But we don't want an administrator policy being attached to this Lambda...
Okay thanks, makes sense.
Issue closed with merge to master - pre-release. Bash scripts converted to grunt tasks.
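
Added example, not part of the original thread or the project's code: a small Python audit that shows why a Kinesis-only execution policy leaves DynamoDB and CloudWatch Logs calls denied, why the admin workaround is over-broad, and what a scoped policy for the same role could look like. The required action list, the account ID `123456789012`, and the `EXAMPLE-STREAM` / `EXAMPLE-TABLE` names are assumptions; the check covers action names only and does not evaluate resources, conditions or Deny statements.

```python
import json
from fnmatch import fnmatchcase

# Assumed needs of the function (the thread does not list the exact API calls):
# read the Kinesis stream, write items to DynamoDB, write CloudWatch Logs.
REQUIRED = {
    "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:DescribeStream",
    "dynamodb:PutItem",
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Collect (action, resource) patterns from every Allow statement."""
    return [(a, r)
            for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"
            for a in _as_list(s.get("Action", []))
            for r in _as_list(s.get("Resource", []))]

def audit(policy, required=REQUIRED):
    """Return (required actions not granted, wildcard action grants)."""
    pairs = allowed_patterns(policy)
    missing = sorted(act for act in required  # IAM action names match case-insensitively
                     if not any(fnmatchcase(act.lower(), a.lower()) for a, _ in pairs))
    too_broad = sorted({(a, r) for a, r in pairs if a == "*" or a.endswith(":*")})
    return missing, too_broad

# Constructed sample policies; ARNs use placeholder account, stream and table names.
KINESIS_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:DescribeStream"],
     "Resource": "arn:aws:kinesis:us-east-1:123456789012:stream/EXAMPLE-STREAM"}]}
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": KINESIS_ONLY["Statement"] + [
    {"Effect": "Allow", "Action": "dynamodb:PutItem",
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/EXAMPLE-TABLE"},
    {"Effect": "Allow",
     "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:123456789012:*"}]}

if __name__ == "__main__":
    for name, pol in [("kinesis-only", KINESIS_ONLY), ("admin", ADMIN), ("scoped", SCOPED)]:
        print(name, audit(pol))
    print(json.dumps(SCOPED, indent=2))  # policy document to attach instead of admin
```

Run directly, it prints the audit result for each sample and the scoped policy as JSON, which can be adapted to the real stream and table ARNs.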