Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Might be helpful to link to sample/suggested AWS IAM permissions for deploy #9

Open
jeffehobbs opened this issue Mar 8, 2019 · 6 comments

Comments

Projects
None yet
6 participants
@jeffehobbs
Copy link

commented Mar 8, 2019

Ran through an AWS lambda install this morning -- flawless, and worked great, right out of the box. Kudos for providing such a smooth path for transition for your users. Highly appreciated.

The one place I did get stuck for a while was setting the specific IAM/cloudformation permissions within the AWS console -- this took several tries to get right. It would be helpful to state (or link to) a sample of what the permissions required for AWS deploy are for this project.

@Muffo

This comment has been minimized.

Copy link

commented Mar 20, 2019

I also had problem with that and eventually gave up and deployed using the root account access keys.

@heyalexchoi

This comment has been minimized.

Copy link

commented Mar 24, 2019

... which ones did you end up setting?
@jeffehobbs

@mkiser

This comment has been minimized.

Copy link

commented Apr 1, 2019

Agree with this. Not entirely sure what permissions I've granted at this point...

@tanushshukla

This comment has been minimized.

Copy link

commented Apr 2, 2019

It's IAM.
You can follow the guide on how to set up the credentials here:
https://serverless.com/framework/docs/providers/aws/guide/credentials#creating-aws-access-keys

All the permissions are listed there. Once serverless is setup with aws credentials, this migration is a breeze.

@mkiser

This comment has been minimized.

Copy link

commented Apr 2, 2019

Dropped this into #12 to help others.

@joelrojo

This comment has been minimized.

Copy link

commented Apr 19, 2019

I had to create a user with custom permissions for CloudFormation execution functions. Added a custom policy and used this json code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1449904348000",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:ListStacks",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ValidateTemplate",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet",
                "cloudformation:GetTemplateSummary"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.