Last active
April 23, 2020 00:08
-
-
Save jimmdd/a287a3b4cf52a9d6793927ac0680f736 to your computer and use it in GitHub Desktop.
IAM permission sets for deploying next-serverless component in code build env
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": | |
| [ | |
| { | |
| "Action": | |
| [ | |
| "cloudfront:CreateCloudFrontOriginAccessIdentity", | |
| "cloudfront:CreateDistribution", | |
| "cloudfront:UpdateDistribution", | |
| "cloudfront:GetDistributionConfig" | |
| ], | |
| "Resource": "*", | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Action": ["cloudfront:CreateInvalidation"], | |
| "Resource": "arn:aws:cloudfront::${YOUR ACCOUNT ID}:distribution/${YOUR CLOUDFRONT DISTRIBUTION ID}", | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Action": | |
| [ | |
| "iam:CreateServiceLinkedRole", | |
| "iam:CreateRole", | |
| "iam:AttachRolePolicy", | |
| "iam:DetachRolePolicy", | |
| "iam:PassRole" | |
| ], | |
| "Resource": "*", | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Action": ["lambda:GetFunction", "lambda:EnableReplication*"], | |
| "Resource": "*", | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Action": | |
| [ | |
| "s3:CreateBucket", | |
| "s3:ListBucket", | |
| "s3:ListBucketVersions", | |
| "s3:PutObject", | |
| "s3:PutBucketPolicy", | |
| "s3:PutAccelerateConfiguration", | |
| "s3:PutAnalyticsConfiguration", | |
| "s3:PutEncryptionConfiguration", | |
| "s3:GetObject", | |
| "s3:GetBucketPolicy", | |
| "s3:GetAccelerateConfiguration", | |
| "s3:GetAnalyticsConfiguration", | |
| "s3:GetEncryptionConfiguration", | |
| "s3:DeleteObject", | |
| "s3:DeleteBucket", | |
| "s3:DescribeJob" | |
| ], | |
| "Resource": | |
| ["arn:aws:s3:::${YOUR BUCKET NAME}", "arn:aws:s3:::${YOUR BUCKET NAME}/*"], | |
| "Effect": "Allow" | |
| } | |
| ] | |
| } |
jimmdd
commented
Apr 23, 2020
via email
Author
Hi alekslario,
You will need to replace the variables in this template to your AWS account informations, s3 name etc. Thanks for telling me the comma issue, I was using this in js file for my lambda. I’ll update the json format.
Best,
Jim
…Sent from my iPhone
On Apr 22, 2020, at 6:53 PM, alekslario ***@***.***> wrote:
***@***.*** commented on this gist.
AWS doesn't accept trailing comas and after removing them
This policy contains the following error: Policy contains one or more invalid variable declarations For more information about the IAM policy grammar, see AWS IAM Policies
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment