Document minimum required IAM permissions #232

rdsedmundo · 2022-09-05T17:51:05Z

This is a Feature Proposal

Description

Document the minimum required IAM permissions for the plugin to work, so it's easier to follow the Principle of Least Privilege.

Additional Data

Serverless Framework Version: Latest
Stack Trace: N/A
Provider Error messages: N/A

yorjaggy · 2022-10-13T15:36:36Z

Not sure if this question is still open, but I used these Inline Policy, and only those 2 actions are required.
For sure using * on the Resource is not recommended, but by using this plugin I'm not able to get the Alarm name before its creation.

Anyways feel free to add any feedback :D

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricAlarm",
                "cloudwatch:DeleteAlarms"
            ],
            "Resource": "arn:aws:cloudwatch:<AWS_REGION>:<AWS_ACCOUNT_ID>:alarm:*"
        }
    ]
}

rdsedmundo · 2023-06-07T19:16:52Z

I noticed those are required too if metric filters are being used:

        "logs:PutMetricFilter",
        "logs:DeleteMetricFilter",
        "logs:DescribeMetricFilters"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Document minimum required IAM permissions #232

Document minimum required IAM permissions #232

rdsedmundo commented Sep 5, 2022

yorjaggy commented Oct 13, 2022

rdsedmundo commented Jun 7, 2023 •

edited

Loading

Document minimum required IAM permissions #232

Document minimum required IAM permissions #232

Comments

rdsedmundo commented Sep 5, 2022

This is a Feature Proposal

Description

Additional Data

yorjaggy commented Oct 13, 2022

rdsedmundo commented Jun 7, 2023 • edited Loading

rdsedmundo commented Jun 7, 2023 •

edited

Loading