https://serverless-stack.com/ logo
#sst
Title
# sst
m

Michael Orcutt

07/16/2021, 7:12 PM
Hey there – is there a reference for minimum necessary IAM permissions to deploy an SST app?
f

Frank

07/16/2021, 7:30 PM
Hey @Michael Orcutt, we don’t right now, but we should definitely document this better.
You can use the
--role-arn
option to pass in an IAM role that CloudFormation uses to provision the stacks and resources. And your local IAM credential should just need CloudFormation related permissions to kick off and monitor the deployment.
m

Michael Orcutt

07/16/2021, 7:36 PM
Nice!
We're running into issues on Seed with CDK Bootstrap and I seemingly have the perms (but clearly don't!)
Copy code
CDKToolkit The following resource(s) failed to create: [ImagePublishingRole, FilePublishingRole, CdkBootstrapVersion, LookupRole, StagingBucket, CloudFormationExecutionRole, ContainerAssetsRepository].
"arnawsiam::{account_id{*:role/cdk*"
We have –
"iam:GetRole", "iam:PassRole", "iam:DetachRolePolicy", "iam:UntagRole", "iam:DeleteRolePolicy", "iam:TagRole", "iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:GetRolePolicy"
on that arn
f

Frank

07/16/2021, 7:44 PM
Can you DM me a link to the build?
m

Michael Orcutt

07/16/2021, 7:47 PM
Sent