This repository has been archived by the owner on Dec 1, 2022. It is now read-only.

Missing dynamodb permission on recommended IAM user policy #379

Open
dramaticlly opened this issue Feb 22, 2018 · 2 comments

@dramaticlly
Contributor

Unable to create cloudformation stack "Data Service" due to

User: arn:aws:iam::$AWSACCOUNTID:user/blox is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-west-2:388892025991:table/Environments

The recommended IAM user policy on dev branch README.md used

{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect":"Allow",
        "Action":[
            "s3:*",
            "lambda:*",
            "apigateway:*",
            "cloudformation:*",
            "iam:*",
            "execute-api:*",
            "events:DescribeRule"
        ],
        "Resource":"*"
    }]
}

Do you think we should add dynamodb:* for IAM user policy?

@dramaticlly
Contributor Author

Also ecs:* permission for blox-test-cluster stack

errorMessage: User: arn:aws:iam:: $AWSACCOUNTID:user/blox is not authorized to perform: ecs:CreateCluster on resource: *

@wbingli
Contributor

wbingli commented Feb 23, 2018

Could you add those permissions and open a pull request? Ideally we can use some managed policies to simplify the rules, like AWSLambdaFullAccess and AmazonEC2ContainerServiceFullAccess. This user is used for creating stacks, deployment and testing; it's basically an admin user. I basically use my default admin user for this profile.
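
Added example (not part of the thread and not code from the blox project): a pre-deployment check that evaluates the README policy quoted in the issue against the actions named in the two errors and reports which ones no statement allows. The helper names and the `REQUIRED` list are assumptions, and the evaluation is simplified: it honours explicit Deny and action wildcards but ignores `Resource`, `Condition` and `NotAction`.

```python
import fnmatch

# Recommended IAM user policy as quoted in the issue.
README_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:*", "lambda:*", "apigateway:*", "cloudformation:*",
                   "iam:*", "execute-api:*", "events:DescribeRule"],
        "Resource": "*",
    }],
}

# Actions from the two "not authorized" errors, plus one allowed control.
REQUIRED = ["dynamodb:DescribeTable", "ecs:CreateCluster",
            "cloudformation:CreateStack"]


def _as_list(value):
    # IAM accepts a single item or a list for Statement and Action.
    return value if isinstance(value, list) else [value]


def _matches(patterns, action):
    # Action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def is_allowed(policy, action):
    """Simplified evaluation: explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt or not _matches(_as_list(stmt["Action"]), action):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed


def missing_actions(policy, required):
    """Return the required actions the policy does not allow."""
    return [a for a in required if not is_allowed(policy, a)]


if __name__ == "__main__":
    print(missing_actions(README_POLICY, REQUIRED))
```

Listing the specific actions each stack needs in `REQUIRED` also shows how far short of `dynamodb:*` and `ecs:*` a scoped grant could stop.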
