简体繁体中英

Deploying AWS SAM function with least privileges

原文 2020-09-01 02:12:12 6 1 amazon-web-services/ amazon-iam/ aws-sam

For a SAM CI/CD credentials like https://github.com/TractorZoom/sam-cli-action how do I create/specify a key/secret with the least privileges? ie not my PowerUser account's AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY , but still enough to deploy and update the application?

When I do a sam deploy it says it's creating a IAM role, but on inspection it simply a arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole which only allows to write logs AFAICT.

So how does one create a "deployment role" with least privileges or is there something I am missing?

1 answers

You could create an IAM role with least privileges policies, and allow for your user to assume the role, then injecting the temp credentials to your CI/CD file. More info here

Better yet, if you have an instance executing your pipeline, you could attach the IAM role to it. I use Gitlab runners and this is what I always go for. In this scenario, you can skip defining the credentials since the instance takes care of that.

Either case an IAM role is a pre-req, preferably an independent deployment.

After building and deploying lambda function with aws sam cli, I get Client network socket disconnected in logs

Deploying AWS Lambda "Hello World" using sam init, sam build sam deploy defaults fails with Failed to create changeset for sam-app

AWS SAM "No response from invoke container for" wrong function name

AWS SAM - Simple example of HttpApi with Lambda Function Integration

aws sam build failing: property SnapStart not defined for resource of type AWS::Serverless::Function

how to build, package and deploy AWS SAM lambda function of python from azure Devops CI/CD pipeline to AWS

Python is not configured for aws sam cli

Problem running lambda function locally with AWS SAM command on Fedora 32. Docker problem

AWS SAM Lambda policy for OpenSearch

Giving a Lambda a role in AWS SAM

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question After building and deploying lambda function with aws sam cli, I get Client network socket disconnected in logs Deploying AWS Lambda "Hello World" using sam init, sam build sam deploy defaults fails with Failed to create changeset for sam-app AWS SAM "No response from invoke container for" wrong function name AWS SAM - Simple example of HttpApi with Lambda Function Integration aws sam build failing: property SnapStart not defined for resource of type AWS::Serverless::Function how to build, package and deploy AWS SAM lambda function of python from azure Devops CI/CD pipeline to AWS Python is not configured for aws sam cli Problem running lambda function locally with AWS SAM command on Fedora 32. Docker problem AWS SAM Lambda policy for OpenSearch Giving a Lambda a role in AWS SAM

Related Tags

Deploying AWS SAM function with least privileges

Question

1 answers

solution1 1 2020-09-01 02:40:30

solution1
1 2020-09-01 02:40:30