enricop89 · September 27, 2019 13:59 · Sep 27, 2019
diff --git a/cloudformation-role.json b/cloudformation-role.json
@@ -0,0 +1,65 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": [
+                "lambda:CreateFunction",
+                "lambda:ListVersionsByFunction",
+                "dynamodb:DeleteItem",
+                "iam:DeletePolicy",
+                "iam:CreateRole",
+                "lambda:GetFunctionConfiguration",
+                "iam:PutRolePolicy",
+                "dynamodb:DeleteTable",
+                "iam:PassRole",
+                "dynamodb:DescribeTable",
+                "iam:DeleteRolePolicy",
+                "dynamodb:GetItem",
+                "cloudformation:UpdateStack",
+                "lambda:DeleteFunction",
+                "iam:GetRole",
+                "dynamodb:UpdateTimeToLive",
+                "dynamodb:PutItem",
+                "lambda:InvokeFunction",
+                "apigateway:*",
+                "lambda:GetFunction",
+                "iam:DeleteUserPolicy",
+                "iam:DeleteRole",
+                "dynamodb:Scan",
+                "dynamodb:Query",
+                "dynamodb:UpdateItem",
+                "cloudformation:DescribeStacks",
+                "dynamodb:CreateTable",
+                "s3:PutObject",
+                "s3:GetObject",
+                "lambda:AddPermission",
+                "lambda:PublishVersion",
+                "lambda:RemovePermission",
+                "dynamodb:UpdateTable"
+            ],
+            "Resource": [
+                "arn:aws:lambda:*:*:function:*",
+                "arn:aws:cloudformation:eu-west-2:<AWS_ACCOUNT_NUMBER>:stack/<CLOUD_FORMATION_STACK_NAME>/*",
+                "arn:aws:apigateway:*::*",
+                "arn:aws:s3:::<BUCKET_NAME>/*",
+                "arn:aws:iam::*:role/*",
+                "arn:aws:dynamodb:eu-west-2:<AWS_ACCOUNT_NUMBER>:table/<TABLE_NAME>",
+                "arn:aws:dynamodb:eu-west-2:<AWS_ACCOUNT_NUMBER>:table/<TABLE_NAME>/index/<TABLE_INDEX_NAME>"
+            ]
+        },
+        {
+            "Sid": "VisualEditor1",
+            "Effect": "Allow",
+            "Action": [
+                "logs:DescribeLogGroups",
+                "logs:DeleteLogGroup",
+                "dynamodb:ListTables",
+                "logs:PutRetentionPolicy",
+                "logs:CreateLogGroup"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
diff --git a/serverless-deploy-role.json b/serverless-deploy-role.json
@@ -0,0 +1,76 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": [
+                "cloudformation:DetectStackDrift",
+                "lambda:ListVersionsByFunction",
+                "lambda:GetLayerVersion",
+                "cloudformation:ListStackInstances",
+                "lambda:GetFunctionConfiguration",
+                "s3:ListBucket",
+                "cloudformation:DescribeStackResource",
+                "lambda:GetLayerVersionPolicy",
+                "cloudformation:DetectStackResourceDrift",
+                "iam:PassRole",
+                "cloudformation:DescribeStackEvents",
+                "lambda:ListTags",
+                "cloudformation:DescribeStackSetOperation",
+                "cloudformation:UpdateStack",
+                "lambda:GetAlias",
+                "s3:DeleteObject",
+                "cloudformation:DescribeChangeSet",
+                "cloudformation:ListStackResources",
+                "lambda:InvokeFunction",
+                "lambda:GetEventSourceMapping",
+                "lambda:GetFunction",
+                "cloudformation:DescribeStackInstance",
+                "lambda:ListAliases",
+                "lambda:UpdateFunctionConfiguration",
+                "cloudformation:DescribeStackResources",
+                "cloudformation:GetTemplateSummary",
+                "cloudformation:DescribeStacks",
+                "lambda:UpdateFunctionCode",
+                "s3:PutObject",
+                "s3:GetObject",
+                "cloudformation:DescribeStackResourceDrifts",
+                "cloudformation:GetStackPolicy",
+                "cloudformation:CreateStack",
+                "cloudformation:GetTemplate",
+                "cloudformation:DeleteStack",
+                "s3:GetBucketLocation",
+                "lambda:GetPolicy"
+            ],
+            "Resource": [
+                "arn:aws:lambda:*:*:event-source-mapping:*",
+                "arn:aws:lambda:*:*:function:*",
+                "arn:aws:lambda:*:*:layer:*:*",
+                "arn:aws:s3:::<BUCKET_NAME>/*",
+                "arn:aws:s3:::<BUCKET_NAME>",
+                "arn:aws:cloudformation:eu-west-2:<AWS_ACCOUNT_NUMBER>:stack/<CLOUD_FORMATION_STACK_NAME>/*",
+                "arn:aws:iam::<AWS_ACCOUNT_NUMBER>:role/<CLOUD_FORMATION_ROLE>"
+            ]
+        },
+        {
+            "Sid": "VisualEditor1",
+            "Effect": "Allow",
+            "Action": [
+                "cloudformation:EstimateTemplateCost",
+                "cloudformation:DescribeStackDriftDetectionStatus",
+                "cloudformation:ListExports",
+                "cloudformation:ListStacks",
+                "lambda:ListFunctions",
+                "cloudformation:ListImports",
+                "lambda:ListEventSourceMappings",
+                "cloudformation:DescribeAccountLimits",
+                "lambda:ListLayerVersions",
+                "lambda:ListLayers",
+                "lambda:GetAccountSettings",
+                "cloudformation:ValidateTemplate"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
No results found