lambda-maven-plugin
IAM Permissions
Thanks for the great plugin!
When setting up, I found that the permissions list in the README was missing quite a few permissions, causing errors when trying to deploy. Eventually I found that I needed the following much larger set of permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeFunction",
        "lambda:GetFunction",
        "lambda:ListAliases",
        "lambda:GetFunctionConfiguration",
        "lambda:UpdateAlias",
        "s3:PutObject",
        "s3:GetObject",
        "lambda:UpdateFunctionCode",
        "iam:PassRole",
        "lambda:AddPermission",
        "events:ListRuleNamesByTarget",
        "lambda:GetPolicy",
        "lambda:CreateAlias"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket>/*",
        "arn:aws:lambda:*:*:function:<functionName>",
        "arn:aws:iam::*:role/service-role/<role>",
        "arn:aws:events:*:*:rule/*"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "lambda:CreateFunction",
        "events:PutTargets",
        "s3:ListAllMyBuckets",
        "ec2:DescribeVpcs",
        "events:PutRule",
        "lambda:ListEventSourceMappings",
        "lambda:UpdateFunctionConfiguration",
        "sns:ListSubscriptions",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": "s3:CreateBucket",
      "Resource": "arn:aws:s3:::<bucket>"
    }
  ]
}
Is this to be expected or have I done something wrong? Is it just that the documentation needs updating?
Thanks!
You haven't done anything wrong, the documentation needs to be updated.
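An added example, not part of the original thread or the plugin's own code: the first statement in the policy posted above lists every action against every ARN, so this Python example regroups it into one statement per service and lists which actions are granted on `*`. It assumes an action's prefix equals the service field of the ARNs it applies to, which holds for the s3, lambda, iam and events entries here; `split_by_service` and `wildcard_actions` are names chosen for this example.

```python
from collections import defaultdict

# Policy from the post above; <bucket>, <functionName>, <role> are its placeholders.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": ["lambda:InvokeFunction", "lambda:GetFunction", "lambda:ListAliases",
                "lambda:GetFunctionConfiguration", "lambda:UpdateAlias", "s3:PutObject",
                "s3:GetObject", "lambda:UpdateFunctionCode", "iam:PassRole",
                "lambda:AddPermission", "events:ListRuleNamesByTarget",
                "lambda:GetPolicy", "lambda:CreateAlias"],
     "Resource": ["arn:aws:s3:::<bucket>/*", "arn:aws:lambda:*:*:function:<functionName>",
                  "arn:aws:iam::*:role/service-role/<role>", "arn:aws:events:*:*:rule/*"]},
    {"Sid": "VisualEditor1", "Effect": "Allow", "Resource": "*",
     "Action": ["lambda:CreateFunction", "events:PutTargets", "s3:ListAllMyBuckets",
                "ec2:DescribeVpcs", "events:PutRule", "lambda:ListEventSourceMappings",
                "lambda:UpdateFunctionConfiguration", "sns:ListSubscriptions",
                "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups"]},
    {"Sid": "VisualEditor2", "Effect": "Allow",
     "Action": "s3:CreateBucket", "Resource": "arn:aws:s3:::<bucket>"}]}

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def arn_service(arn):
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    return parts[2] if len(parts) == 6 and parts[0] == "arn" else None

def wildcard_actions(policy):
    """Actions granted on Resource "*": the ones to review for tighter scoping."""
    return sorted(a for st in policy["Statement"]
                  if "*" in as_list(st["Resource"]) for a in as_list(st["Action"]))

def split_by_service(policy):
    """Pair each action only with ARNs of its own service (assumed: prefix == ARN service)."""
    out = []
    for st in policy["Statement"]:
        resources = as_list(st["Resource"])
        if st.get("Effect") != "Allow" or "*" in resources or "Condition" in st:
            out.append(st)  # leave wildcard, Deny and conditional statements untouched
            continue
        by_service = defaultdict(list)
        for action in as_list(st["Action"]):
            by_service[action.split(":", 1)[0]].append(action)
        for service, actions in sorted(by_service.items()):
            scoped = [r for r in resources if arn_service(r) == service]
            if not scoped:
                raise ValueError(f"{actions} has no {service} ARN in this statement")
            out.append({"Effect": "Allow", "Action": sorted(actions), "Resource": scoped})
    return {"Version": policy["Version"], "Statement": out}
```

Running `json.dumps(split_by_service(POLICY), indent=2)` gives a policy that grants the same access with each action tied to its own service's ARNs, which makes the `iam:PassRole` scope and the `*` statement easier to review.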