AWS Chalice 所需的 AWS IAM 策略
AWS IAM Policy required for AWS Chalice
需要什么 IAM 角色策略AWS Chalice。
Github没有官方文档吗?
运行AWS Chalice需要什么权限?
截至 2020 年 7 月 9 日,Github 没有官方文档,但有一个 Open issue on documentation regarding IAM。
所需的权限是,
- API 网关
- IAM
- 拉姆达
对我有用的政策,
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1471020565000",
"Effect": "Allow",
"Action": [
"iam:AttachRolePolicy",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:GetRole",
"iam:PassRole"
],
"Resource": [
"*"
]
},
{
"Sid": "Stmt1471020565001",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"apigateway:HEAD",
"apigateway:POST"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis",
"arn:aws:apigateway:ap-south-1::/restapis/*/resources",
"arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
]
},
{
"Sid": "Stmt1471020565002",
"Effect": "Allow",
"Action": [
"apigateway:DELETE"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
]
},
{
"Sid": "Stmt1471020565003",
"Effect": "Allow",
"Action": [
"apigateway:POST"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*/deployments",
"arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
]
},
{
"Sid": "Stmt1471020565004",
"Effect": "Allow",
"Action": [
"apigateway:PUT"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/GET",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/GET/*",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/POST",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/POST/*",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/PUT",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/PUT/*"
]
},
{
"Sid": "Stmt1471020565005",
"Effect": "Allow",
"Action": [
"apigateway:PATCH"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*"
]
},
{
"Effect": "Allow",
"Action": "lambda:*",
"Resource": "*"
}
]
}
需要什么 IAM 角色策略AWS Chalice。
Github没有官方文档吗?
运行AWS Chalice需要什么权限?
截至 2020 年 7 月 9 日,Github 没有官方文档,但有一个 Open issue on documentation regarding IAM。
所需的权限是,
- API 网关
- IAM
- 拉姆达
对我有用的政策,
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1471020565000",
"Effect": "Allow",
"Action": [
"iam:AttachRolePolicy",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:GetRole",
"iam:PassRole"
],
"Resource": [
"*"
]
},
{
"Sid": "Stmt1471020565001",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"apigateway:HEAD",
"apigateway:POST"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis",
"arn:aws:apigateway:ap-south-1::/restapis/*/resources",
"arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
]
},
{
"Sid": "Stmt1471020565002",
"Effect": "Allow",
"Action": [
"apigateway:DELETE"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
]
},
{
"Sid": "Stmt1471020565003",
"Effect": "Allow",
"Action": [
"apigateway:POST"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*/deployments",
"arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
]
},
{
"Sid": "Stmt1471020565004",
"Effect": "Allow",
"Action": [
"apigateway:PUT"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/GET",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/GET/*",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/POST",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/POST/*",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/PUT",
"arn:aws:apigateway:ap-south-1::/restapis/*/methods/PUT/*"
]
},
{
"Sid": "Stmt1471020565005",
"Effect": "Allow",
"Action": [
"apigateway:PATCH"
],
"Resource": [
"arn:aws:apigateway:ap-south-1::/restapis/*"
]
},
{
"Effect": "Allow",
"Action": "lambda:*",
"Resource": "*"
}
]
}