-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What are the minimal AWS permissions needed for faast to function properly? #542
Comments
Ideally admin permissions to the entire account. The reason is that faast.js creates its own role and sets the permissions for that role, and in order to do that you need a high level of permissions. However you can create the role yourself: https://faastjs.org/docs/api/faastjs.awsoptions.rolename, then specify the role you created as the |
Ideally, there's a lesser set of permissions that would be needed in order for faast to function properly, no? That seems insanely broad and a potential security risk otherwise |
It's a little complex because faast.js needs to do many things in order to orchestrate the work it does. Producing an absolute minimal configuration will be challenging, but a coarse approximation would probably require (untested):
In general the best approach is probably to segregate the use cases and data for faast.js into a separate account, and use that for the production use. For developer use, you can use the standard AWS IAM keys you use, which probably gives you will access to your own account. |
A quick review of the code shows two more services you need permissions for:
|
Thank you! I'll be testing this soon and will report back if it works |
No description provided.
The text was updated successfully, but these errors were encountered: