do we have something like <https://open-sl.github....
# helpj
José Ribeiro
05/27/2021, 2:53 PMdo we have something like https://open-sl.github.io/serverless-permission-generator/ for serverless-stack? Or some sort of general IAM policy that allows to deploy any kind of app that can be generated using sls-stack
José Ribeiro
05/27/2021, 2:56 PMor even only permissions to run on the ephemeral dev environment
f
Frank
05/27/2021, 5:23 PM
The permissions SST needs should be mostly identical to that generated by this. With additional permission to bootstrap CDK and deploying the debug stack.
Frank
05/27/2021, 5:24 PM
I think we might even be able to auto-generate the policy by looking at the CDK code 🤔
Frank
05/27/2021, 5:31 PM
I think that’d be a useful tool.. just opened a discussion to track this https://github.com/serverless-stack/serverless-stack/discussions/391
j
José Ribeiro
05/27/2021, 6:03 PMyea I thought it might not be a stretch — could perhaps be even useful to have sth that checks whether your permissions will be sufficient before deploying
José Ribeiro
05/27/2021, 6:03 PM(and ultimately failing and rolling back because of missing permissions)
t
Tomasz Sobczyk
06/08/2021, 9:36 PMThis is ahead of me soon - I was planning to try and approach this:
https://aws.amazon.com/blogs/security/iam-access-analyzer-makes-it-easier-to-impleme[…]missions-by-generating-iam-policies-based-on-access-activity/