Allow users to add custom permissions

Open jianzs opened this issue 2 years ago • 0 comments

Feature Request

Is your feature request related to a problem? Please describe:

Developers may utilize the AWS SDK in their code to handle their AWS resources. They need to grant additional permissions to the lambda IAM for this purpose. Otherwise, the lambda will be unable to access the resources that developers intend to manage.

For instance, in Pluto's AWS authentication service, the second lambda must execute the sts:AssumeRole command in order to obtain credentials for the target role. Without manual intervention, an error will occur:

User: arn:aws:sts::811762874732:assumed-role/lambda2-iam-db3a970/lambda2-lambda-c60e627 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::811762874732:role/PLRole-xxx

Describe the feature you'd like:

Allow users to add the necessary custom permissions.

Describe alternatives you've considered:

Maybe we can take inspiration from Nitric's implementation approach:

router.get("/query", async (req: HttpRequest): Promise<HttpResponse> => {
  this.getPermission("sts:AssumeRole", resources);
  // ...
});

Teachability, Documentation, Adoption, Migration Strategy:

jianzs, Nov 09 '23 07:11
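As an added example (not part of the issue and not Pluto's code), the sketch below turns the AccessDenied message quoted in the request into the single identity-policy statement that would resolve it, and refuses wildcard grants. The names `parseDenial`, `executionRoleName` and `statementFor` are hypothetical helpers introduced for illustration.

```typescript
// Added example: derive a least-privilege IAM statement from an AccessDenied message.
interface Denial { principal: string; action: string; resource: string; }
interface Statement { Effect: "Allow"; Action: string; Resource: string; }

// Matches the "is not authorized to perform" wording shown in the issue.
// Not anchored at the end, so any trailing explanation text is tolerated.
const DENIED =
  /^User: (\S+) is not authorized to perform: ([A-Za-z0-9-]+:[A-Za-z0-9*]+) on resource: (\S+)/;

function parseDenial(message: string): Denial | null {
  const m = DENIED.exec(message.trim());
  return m ? { principal: m[1], action: m[2], resource: m[3] } : null;
}

// An assumed-role session ARN has the form
// arn:aws:sts::<account>:assumed-role/<role-name>/<session-name>.
// The role name is where the new statement has to be attached.
function executionRoleName(principal: string): string | null {
  const m = /^arn:aws:sts::\d{12}:assumed-role\/([^/]+)\/[^/]+$/.exec(principal);
  return m ? m[1] : null;
}

// Build exactly one Allow statement for the denied action on the denied resource.
// Wildcards are rejected so a custom-permission hook cannot widen the role.
function statementFor(d: Denial): Statement {
  if (d.action.includes("*") || d.resource.includes("*")) {
    throw new Error("wildcard action or resource: scope the grant explicitly");
  }
  if (!d.resource.startsWith("arn:aws:")) {
    throw new Error("resource must be a full ARN");
  }
  return { Effect: "Allow", Action: d.action, Resource: d.resource };
}

// Message copied from the issue text above (role suffix is redacted there as "xxx").
const sample =
  "User: arn:aws:sts::811762874732:assumed-role/lambda2-iam-db3a970/lambda2-lambda-c60e627 " +
  "is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::811762874732:role/PLRole-xxx";

const denial = parseDenial(sample);
if (denial) {
  console.log("attach to role:", executionRoleName(denial.principal));
  console.log(JSON.stringify(statementFor(denial), null, 2));
}
```

The statement covers only the caller's identity policy; the target role's trust policy must still trust the Lambda's role for `sts:AssumeRole` to succeed.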