-
Notifications
You must be signed in to change notification settings - Fork 209
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: generate iam role for dynamodb:Scan #586
feat: generate iam role for dynamodb:Scan #586
Conversation
@horike37 do you know who I can ping to review this? ( I'm pinging you because you merged the first closed PR from this repo ) |
Now I'm missing also those permissions:
Is there a reason for not generating all permissions? |
I need more permissions. Not sure what's the best approach for it? |
'arn:aws:execute-api', | ||
{ Ref: 'AWS::Region' }, | ||
{ Ref: 'AWS::AccountId' }, | ||
'*', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know how to get the actual api ID. I'm not sure if we need permissions that restrictive.
'arn:aws:ssm', | ||
{ Ref: 'AWS::Region' }, | ||
{ Ref: 'AWS::AccountId' }, | ||
'parameter/*', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generic for all parameters 🤷🏽
Fixes #584