Login/Register
AWS IAM Policy required for AWS Chalice
Asked Answered
Solved pythonaws-lambdaamazon-iamchalice
O

1

5

What is the IAM role policy required AWS Chalice.

There is no official documentation in Github?

What are the permissions are required to run AWS Chalice?

Obtect answered 7/9, 2020 at 16:35 Comment(0)
O
13

There is no official documentation on Github as of 07-09-2020 and there is an Open issue on documentation regarding IAM.

The required permissions are,

  1. API Gateway
  2. IAM
  3. Lambda

The policy which worked for me,

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmt1471020565000",
        "Effect": "Allow",
        "Action": [
            "iam:AttachRolePolicy",
            "iam:DeleteRolePolicy",
            "iam:DetachRolePolicy",
            "iam:CreateRole",
            "iam:PutRolePolicy",
            "iam:GetRole",
            "iam:PassRole"
        ],
        "Resource": [
            "*"
        ]
    },
    {
        "Sid": "Stmt1471020565001",
        "Effect": "Allow",
        "Action": [
            "apigateway:GET",
            "apigateway:HEAD",
            "apigateway:POST"
        ],
        "Resource": [
            "arn:aws:apigateway:ap-south-1::/restapis",
            "arn:aws:apigateway:ap-south-1::/restapis/*/resources",
            "arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
        ]
    },
    {
        "Sid": "Stmt1471020565002",
        "Effect": "Allow",
        "Action": [
            "apigateway:DELETE"
        ],
        "Resource": [
            "arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
        ]
    },
    {
        "Sid": "Stmt1471020565003",
        "Effect": "Allow",
        "Action": [
            "apigateway:POST"
        ],
        "Resource": [
            "arn:aws:apigateway:ap-south-1::/restapis/*/deployments",
            "arn:aws:apigateway:ap-south-1::/restapis/*/resources/*"
        ]
    },
    {
        "Sid": "Stmt1471020565004",
        "Effect": "Allow",
        "Action": [
            "apigateway:PUT"
        ],
        "Resource": [
            "arn:aws:apigateway:ap-south-1::/restapis/*/methods/GET",
            "arn:aws:apigateway:ap-south-1::/restapis/*/methods/GET/*",
            "arn:aws:apigateway:ap-south-1::/restapis/*/methods/POST",
            "arn:aws:apigateway:ap-south-1::/restapis/*/methods/POST/*",
            "arn:aws:apigateway:ap-south-1::/restapis/*/methods/PUT",
            "arn:aws:apigateway:ap-south-1::/restapis/*/methods/PUT/*"
        ]
    },
    {
        "Sid": "Stmt1471020565005",
        "Effect": "Allow",
        "Action": [
            "apigateway:PATCH"
        ],
        "Resource": [
            "arn:aws:apigateway:ap-south-1::/restapis/*"
        ]
    },
    {
        "Effect": "Allow",
        "Action": "lambda:*",
        "Resource": "*"
    }
]
}
Obtect answered 7/9, 2020 at 16:35 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.