customize-the-serverless-iam-policy.md - suggestions
Lior-G opened this issue · comments
under "An advanced IAM Policy template", recommending the following updates
- update (twice)
Why: PATCH is needed for any deployment after the first one
"apigateway:GET",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"
to
"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE"
- update
WHY: ensure code only has access to S3 permissions within project; create, update, delete, list
"arn:aws:s3:::*"
to
"arn:aws:s3:::<service_name>*"
- update
WHY: ensure code only has access to S3 permissions within project; upload
"arn:aws:s3:::*/*"
to
"arn:aws:s3:::<service_name>*/*"
Yeah these make sense. Do you mind editing the chapter and submitting a PR?
Yeah these make sense. Do you mind editing the chapter and submitting a PR?
Jay:
sure, no problem.
Looking at your CONTRIBUTING.md, don't see if there is a branching naming convention, or steps to properly submit a PR.
Is there any? if so, can you please point me to it?
For this case you can simply edit this chapter through the GitHub web interface and submit a PR. Does that make sense?