-
Notifications
You must be signed in to change notification settings - Fork 4
sbt sam policy
Dennis Vriend edited this page Feb 19, 2018
·
1 revision
To be able to deploy resources, sbt-sam needs an AWS user with associated API key and policies, the following policy grants sbt-sam permissions to deploy resources:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"rds:*",
"firehose:*",
"cloudtrail:*",
"redshift:*",
"dynamodb:*",
"es:*",
"sns:*",
"athena:*",
"sqs:*",
"glue:*",
"kms:*",
"kinesis:*",
"kinesisanalytics:*",
"apigateway:*",
"s3:*",
"cloudformation:*",
"iam:*",
"glacier:*",
"cloudwatch:*",
"lambda:*",
"cognito-idp:*",
"cognito-identity:*",
"elasticmapreduce:*"
],
"Resource": "*"
}
]
}
The API key associated with the above policy has this initial list of grants. This user will be used by sbt-sam to deploy resources by means of CLI, Jenkins or CodePipeline.