Skip to content
This repository has been archived by the owner on Jan 12, 2023. It is now read-only.

Narrow down Kinesis example IAM role permissions #26

Closed
mrserverless opened this issue Sep 11, 2017 · 2 comments
Closed

Narrow down Kinesis example IAM role permissions #26

mrserverless opened this issue Sep 11, 2017 · 2 comments

Comments

@mrserverless
Copy link
Owner

Current permission are too open https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14

Provide more realistic and production ready permissions.
@kmarquardsen
Copy link
Collaborator

I was looking at https://github.com/puresec/serverless-puresec-cli for this case

mrserverless pushed a commit that referenced this issue Sep 17, 2017
#26 limit iamRole permissions for Kinesis and add DataPublisher funct…
6d42eb2 
…ion for easier testing
@mrserverless
Copy link
Owner Author

For now I'm going to just stick to the out of box iam role generation from serverless.yml. Of course any external plugins should also work

Updated the Kinesis example to have more granular permissions: https://github.com/yunspace/serverless-golang/blob/master/examples/aws-golang-kinesis/serverless.yml#L14-L19

  iamRoleStatements:
      - Effect: "Allow"
        Resource: ${env:AWS_KINESIS_ARN}
        Action:
          - "kinesis:GetRecords"
          - "kinesis:GetShardIterator"
          - "kinesis:DescribeStream"
          - "kinesis:ListStreams"
          - "kinesis:PutRecord"
          - "kinesis:PutRecords"

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mrserverless @kmarquardsen