customize-the-serverless-iam-policy.md - suggestions

[Lior-G]

under "An advanced IAM Policy template", recommending the following updates

• update (twice)

Why: PATCH is needed for any deployment after the first one

"apigateway:GET",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"

to

"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"

• update

WHY: ensure code only has access to S3 permissions within project; create, update, delete, list

"arn:aws:s3:::*"

to

"arn:aws:s3:::<service_name>*"

• update

WHY: ensure code only has access to S3 permissions within project; upload

"arn:aws:s3:::*/*"

to

"arn:aws:s3:::<service_name>*/*"

[jayair]

Yeah these make sense. Do you mind editing the chapter and submitting a PR?

[Lior-G]

Yeah these make sense. Do you mind editing the chapter and submitting a PR?

Jay:
sure, no problem.
Looking at your CONTRIBUTING.md, don't see if there is a branching naming convention, or steps to properly submit a PR.
Is there any? if so, can you please point me to it?

[jayair]

For this case you can simply edit this chapter through the GitHub web interface and submit a PR. Does that make sense?

[Lior-G]

already done, and PR has already been merged cheers Lior

…

On Sun, Mar 8, 2020 at 5:53 PM Jay V ***@***.***> wrote: For this case you can simply edit this chapter through the GitHub web interface and submit a PR. Does that make sense? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#439>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGJLHEC54PHEN42LRCLYBBDRGQOXLANCNFSM4KOUKARQ> .