customize-the-serverless-iam-policy.md - suggestions

Question

customize-the-serverless-iam-policy.md - suggestions

Lior-G opened this issue 4 years ago · comments

under "An advanced IAM Policy template", recommending the following updates

update (twice)

Why: PATCH is needed for any deployment after the first one

"apigateway:GET",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"

to

"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"

update

WHY: ensure code only has access to S3 permissions within project; create, update, delete, list

"arn:aws:s3:::*"

to

"arn:aws:s3:::<service_name>*"

update

WHY: ensure code only has access to S3 permissions within project; upload

"arn:aws:s3:::*/*"

to

"arn:aws:s3:::<service_name>*/*"

Jay · Answer 1 · Sun Feb 09 2020 02:32:58 GMT+0800 (China Standard Time)

Yeah these make sense. Do you mind editing the chapter and submitting a PR?

Lior · Answer 2 · Mon Feb 10 2020 23:22:09 GMT+0800 (China Standard Time)

Yeah these make sense. Do you mind editing the chapter and submitting a PR?

Jay:
sure, no problem.
Looking at your CONTRIBUTING.md, don't see if there is a branching naming convention, or steps to properly submit a PR.
Is there any? if so, can you please point me to it?

Jay · Answer 3 · Mon Mar 09 2020 05:53:41 GMT+0800 (China Standard Time)

For this case you can simply edit this chapter through the GitHub web interface and submit a PR. Does that make sense?

Lior · Answer 4 · Mon Mar 09 2020 20:58:18 GMT+0800 (China Standard Time)

already done, and PR has already been merged cheers Lior

…

On Sun, Mar 8, 2020 at 5:53 PM Jay V ***@***.***> wrote: For this case you can simply edit this chapter through the GitHub web interface and submit a PR. Does that make sense? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#439>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGJLHEC54PHEN42LRCLYBBDRGQOXLANCNFSM4KOUKARQ> .