All permissions needed

Question

All permissions needed

Closed this issue 10 months ago · 4 comments

Hey Guys,

We are running altimeter on our production AWS account.
It is running under a restricted access IAM role and continuously facing AccessDenied issue.
We request those permissions, but on the next run appear new ones and so on.

Is it possible to document all permissions, which should be allowed to run altimeter under a restricted access policy?

Answer 1 · 2023-11-13T15:20:09.000Z

Hi @oleksandr-yatsuk ,

I can generate a list in the next day or two, though in general I usually use a role with arn:aws:iam::aws:policy/ReadOnlyAccess attached and a second policy containing:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "support:DescribeSeverityLevels",
            "Resource": "*"
        }
    ]
}

Answer 2 · 2023-11-13T16:23:40.000Z

Thank you @jbmchuck. It will be really helpful having the list of permissions

Answer 3 · 2023-11-14T19:00:58.000Z

Hey @oleksandr-yatsuk - this info has been added here: https://github.com/tableau/altimeter#required-iam-permissions ; please let me know if you run into any issues.

Answer 4 · 2023-11-14T19:35:13.000Z

Thanks a lot