Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
example IAM policy for creating serverless services from the CLI
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"iam:CreateRole",
"iam:CreatePolicy",
"iam:AttachRolePolicy",
"iam:PassRole",
"lambda:GetFunction",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:InvokeFunction",
"lambda:GetFunctionConfiguration",
"lambda:UpdateFunctionConfiguration",
"lambda:UpdateFunctionCode",
"lambda:CreateAlias",
"lambda:UpdateAlias",
"lambda:GetAlias",
"lambda:ListVersionsByFunction",
"logs:FilterLogEvents",
"cloudwatch:GetMetricStatistics",
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudformation:List*",
"apigateway:GET",
"apigateway:PATCH",
"apigateway:DELETE",
"iam:DeleteRolePolicy",
"lambda:RemovePermission",
"iam:DetachRolePolicy",
"iam:DeleteRole",
"apigateway:POST",
"iam:PutRolePolicy",
"iam:GetRole",
"lambda:AddPermission",
"apigateway:PUT",
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment