Last active
February 5, 2018 01:01
-
-
Save WarlaxZ/b2d8299c7545d43a561c68530a3a7381 to your computer and use it in GitHub Desktop.
Serverless IAM Requirements
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:UpdateStack", | |
"cloudformation:DescribeStacks", | |
"cloudformation:ListStacks", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStackResource", | |
"cloudformation:DescribeStackResources", | |
"iam:GetRole", | |
"iam:CreateRole", | |
"iam:CreatePolicy", | |
"iam:PutRolePolicy", | |
"iam:PassRole", | |
"lambda:GetFunction", | |
"lambda:ListVersionsByFunction", | |
"lambda:CreateFunction", | |
"lambda:UpdateFunctionCode", | |
"lambda:UpdateFunctionConfig", | |
"lambda:GetFunctionConfiguration", | |
"lambda:AddPermission", | |
"lambda:PublishVersion", | |
"s3:DeleteObject", | |
"s3:GetObject", | |
"s3:CreateBucket", | |
"s3:ListBucket", | |
"s3:PutObject", | |
"apigateway:POST", | |
"apigateway:GetResources", | |
"apigateway:GET", | |
"apigateway:PUT", | |
"apigateway:DELETE" | |
], | |
"Resource": "*" | |
} | |
] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Warning:
iam:PutRolePolicy
will allow the user of this policy to create any role they like in IAM