SOCless is deployed using the serverless framework. Currently, the IAM permissions needed to deploy SOCless are not defined. This often leads SOCless users to deploy using * permissions.

To improve the security of the SOCless framework, SOCless needs a permissions template for the SOCless deployment role that SOCless users can use for deployment. The permissions template would ideally provide the least-privilege access needed to successfully deploy SOCless.

Acceptance Criteria:

• A permissions template for the SOCless deployment user/role has been created, tested and added to the SOCless documentation and SOCless code-base

Helpful Resoures:

• This issue on the serverless framework github repo shows how an individual successfully scoped down the permissions they needed to deploy using the serverless framework serverless/serverless#1439
• This blog post discusses IAM permissions for the serverless framework https://www.serverless.com/blog/abcs-of-iam-permissions/