Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "cloudformation:DescribeStackResources",
- "cloudformation:CreateStack",
- "cloudformation:DescribeStackEvents",
- "cloudformation:DescribeStackResource",
- "cloudformation:UpdateStack",
- "cloudformation:DescribeStacks",
- "cloudformation:DeleteStack"
- ],
- "Effect": "Allow",
- "Resource": "arn:aws:cloudformation:us-east-1:XXX:stack/service_name*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:CreateBucket"
- ],
- "Resource": [
- "*" // can limit this also to "arn:aws:s3:::service_name-*-serverlessdeploymentbucket-*" also
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:PutObject",
- "s3:GetObject",
- "s3:ListBucket",
- "s3:DeleteObject",
- "s3:DeleteBucket",
- "s3:ListBucketVersions"
- ],
- "Resource": [
- "arn:aws:s3:::service_name-*-serverlessdeploymentbucket-*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "lambda:GetFunction",
- "lambda:CreateFunction",
- "lambda:DeleteFunction",
- "lambda:UpdateFunctionConfiguration",
- "lambda:UpdateFunctionCode",
- "lambda:ListVersionsByFunction",
- "lambda:PublishVersion",
- "lambda:CreateAlias",
- "lambda:DeleteAlias",
- "lambda:UpdateAlias",
- "lambda:GetFunctionConfiguration"
- ],
- "Resource": [
- "arn:aws:lambda:us-east-1:XXX:function:service_name*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "iam:PassRole"
- ],
- "Resource": [
- "arn:aws:iam::XXX:role/service-role/yourcustomrolename*"
- ]
- }
- ]
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
