Hey there is there a reference for minimum necessary IAM per Serverless Stack #sst

Join Slack

Hey there – is there a reference for minimum neces...

# sst

Michael Orcutt

07/16/2021, 7:12 PM

Hey there – is there a reference for minimum necessary IAM permissions to deploy an SST app?

Frank

07/16/2021, 7:30 PM

Hey @Michael Orcutt, we don’t right now, but we should definitely document this better.

Frank

07/16/2021, 7:33 PM

You can use the

--role-arn

option to pass in an IAM role that CloudFormation uses to provision the stacks and resources. And your local IAM credential should just need CloudFormation related permissions to kick off and monitor the deployment.

Frank

07/16/2021, 7:36 PM

Just opened an issue https://github.com/serverless-stack/serverless-stack/issues/559

Michael Orcutt

07/16/2021, 7:36 PM

Nice!

Michael Orcutt

07/16/2021, 7:37 PM

We're running into issues on Seed with CDK Bootstrap and I seemingly have the perms (but clearly don't!)

Michael Orcutt

07/16/2021, 7:41 PM

Copy code

CDKToolkit The following resource(s) failed to create: [ImagePublishingRole, FilePublishingRole, CdkBootstrapVersion, LookupRole, StagingBucket, CloudFormationExecutionRole, ContainerAssetsRepository].

Michael Orcutt

07/16/2021, 7:43 PM

"arnawsiam::{account_id{*:role/cdk*"

Michael Orcutt

07/16/2021, 7:43 PM

We have –

Michael Orcutt

07/16/2021, 7:43 PM

"iam:GetRole", "iam:PassRole", "iam:DetachRolePolicy", "iam:UntagRole", "iam:DeleteRolePolicy", "iam:TagRole", "iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:GetRolePolicy"

Michael Orcutt

07/16/2021, 7:43 PM

on that arn

Frank

07/16/2021, 7:44 PM

Can you DM me a link to the build?

Michael Orcutt

07/16/2021, 7:47 PM

Sent

Open in Slack

Previous Next