Hi all Is there a way to find the minimum required IAM user permission to deploy my SST to AWS? Basically I need to share this list of permissions to our internal devops team for them to create a deployment IAM user which will be used in our CI/CD pipeline.

This completely depends on your use case, I would suggest you to deploy your completed application and use IAM analyzer to help you creating a role with minimum permissions.

Thanks @Ashishkumar Pandey Let me go through this

Resurrecting an old thread to say I'm dealing with the same thing right now. The devops folks I'm working with are very good, but have limited experience with Serverless applications. When I was asked the question "what permissions do you need for your service?" I wondered how I'd even begin to figure this out! It doesn't seem practical to look at CDK/SST code directly for this; there are just too many abstractions. I can't think of a sane way to determine this without using the Access Analyzer or some similar approach

deploy on your personal account and use the analyzer there. once that’s clear create an iam user in your company’s org with access to the same permissions.

haha, that's exactly what I did 😆

awesome, great minds think alike lol. 😂

🤔 💭 "I'll show them, I have an account with ALL THE PERMISSIONS!!!"

yep, instantiate every resource, future proof it for 3 years. 😂