Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User understands permissions needed to bootstrap #84

Open
lorenyu opened this issue Sep 8, 2022 · 0 comments
Open

User understands permissions needed to bootstrap #84

lorenyu opened this issue Sep 8, 2022 · 0 comments
Labels
scope: documentation Improvements or additions to documentation

Comments

@lorenyu
Copy link
Contributor

lorenyu commented Sep 8, 2022

Context

add docs on permissions needed to bootstrap

  • dynamodb:GetItem
  • dynamodb:PutItem
  • dynamodb:DeleteItem

The following might not be needed if we go with AWS managed key instead of customer key

To create customer key

  • kms:EnableKeyRotation
  • kms:ScheduleKeyDeletion
  • kms:CreateGrant
  • ... and more

To use customer key

and others too

Implementation guidance from Shawn:

Easiest way to do that is give a fresh user admin privilege, deploy the whole setup and then use IAM to generate policies based on activity.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
scope: documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lorenyu