Allow upload package to S3 using the indicated role #405
Comments
The role_name is for the execution role of the remote Zappa function; the local role should be defined in your AWS credentials.
@Miserlou Thanks for the pointers. I am a bit lost here, though:
By "local role", do you mean the roles/permissions bound to my user default authorization (determined as Also, could you clarify what are
Yeah, your local AWS credentials file. It assumes You will always need to be able to upload to an S3 bucket to use Zappa, so I think creating the attaching the ability to do that for the local user is outside the scope of Zappa itself, you should simply have an account that has the ability to upload to a location in your code bucket, I don't see why that needs to be dynamic.
Re: the remote policy, discussion is still happening here: #244
Make sense? Am I missing something?
Also possibly relevant: https://github.com/bjinwright/zops
Yeah, it makes sense. So "local role" (=the default role/user/principal used) must have permissions listed in #244 (comment). And zappa role ( I guess I got confused by this bit in readme:
While actually Zappa will only create the role/policies needed to execute/run the applications. Deploying is done using credentials that you have active ( Did I get it right now?
Yes. I will update the documentation to clarify that. Sorry for the confusion.
Alright, I think we are done here. Thanks for prompt support!
Looks like Zappa uploads the artifact to S3 as current user instead of using the defined role?
With zappa_settings.json:
In our corporation, we users have only read-only permissions and we use assume-role to obtain more permissions when we need them.
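Added example, not part of the thread or of Zappa's code: a small check that reports which identity would sign the S3 upload (the local profile, or the role that profile assumes through `role_arn`/`source_profile` in the AWS config file) and which role only runs the deployed function (`role_name`). It assumes the stage selects its local profile with Zappa's `profile_name` setting, which the thread does not mention; the account id, role, bucket and profile names are constructed placeholders.

```python
import configparser
import json

# Constructed sample inputs: account id, role, bucket and profile names are placeholders.
AWS_CONFIG = """\
[default]
region = us-east-1

[profile deployer]
role_arn = arn:aws:iam::111111111111:role/ExampleDeployRole
source_profile = default
"""

ZAPPA_SETTINGS = """\
{"dev": {"s3_bucket": "example-code-bucket",
         "role_name": "ExampleZappaExecutionRole",
         "profile_name": "deployer"}}
"""

def resolve_profile(config_text, profile):
    """Follow source_profile links; return [(profile, role_arn or None), ...]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    chain = []
    while profile is not None:
        if profile in [p for p, _ in chain]:
            raise ValueError(f"source_profile loop at {profile!r}")
        # The AWS config file names sections "[default]" and "[profile <name>]".
        section = "default" if profile == "default" else f"profile {profile}"
        if not cp.has_section(section):
            raise KeyError(f"profile {profile!r} not found")
        chain.append((profile, cp.get(section, "role_arn", fallback=None)))
        profile = cp.get(section, "source_profile", fallback=None)
    return chain

def identities(settings_text, config_text, stage):
    """Report which principal uploads the package and which role runs the function."""
    stage_cfg = json.loads(settings_text)[stage]
    profile = stage_cfg.get("profile_name", "default")
    role_arn = resolve_profile(config_text, profile)[0][1]
    return {
        # Local side: the S3 upload is signed with this identity.
        "upload_principal": role_arn or f"long-term credentials of profile {profile!r}",
        # Remote side: role_name only names the deployed function's execution role.
        "execution_role": stage_cfg.get("role_name"),
    }

if __name__ == "__main__":
    print(identities(ZAPPA_SETTINGS, AWS_CONFIG, "dev"))
```

The upload principal is the one that needs write access to the code bucket; granting that to the execution role does not help the deploy step.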