Add permissions requirements to each pages #3659
Comments
Leikt
added
documentation
|
This is a perennial question we receive across all the SDKs. I'm going to keep yours open here to keep track of it. Yes, most calls to the AWS API require their corresponding call in IAM (which is usually in the form of I'm not going to close this but I'm going to remove the triage label. |
indrora
added
auto-label-exempt
|
After discussing with @indrora we thought that our cross-SDK repo (https://github.com/aws/aws-sdk) would be the better place to track this going forward, as it's a request that applies across SDK documentation. Please refer to this issue for updates going forward: aws/aws-sdk#518 Also in the meantime, using IAM Policy Simulator as documented here can help with quickly finding which permissions are required to run different actions: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html |
Describe the issue
Hello,
While creating a new tool, i have to ask the security team to add permissions to the role i'm using with boto3. Since have to guess what permissions are required for each boto3 api, the mails go back and forth during the trial and error process until we finally have the right permissions.
I suggest you add a short section to each function documentation. Such a section will describe what IAM Action we should put in the API key role to call the api. Therefore, when making a request to add actions to a certain role, we can read the doc and know exactly what to ask for. That can help developers to save time.
Per example, for the function describe_automation_executions of the SSM client:
I know the corresponding action is often the name of the function in PascalCase, but is it always this way?
Best regards
Links
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ssm/client/describe_automation_executions.html
The text was updated successfully, but these errors were encountered: