Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM Role permissions #8

Open
melvyn-apryl opened this issue May 23, 2021 · 1 comment
Open

IAM Role permissions #8

melvyn-apryl opened this issue May 23, 2021 · 1 comment

Comments

@melvyn-apryl
Copy link
Contributor

Could you document what minimum permissions are needed for the role set in the settings file?

I'm currently going with AdministratorAccess-AWSElasticBeanstalk, but I think it's too permissive.
@melvyn-apryl
Copy link
Contributor Author

Looking at the code it needs ability to read/write to queues and to create them. The corresponding managed policy for this is arn:aws:iam::aws:policy/AmazonSQSFullAccess.

Now, if you want proper security and also have django-storages you are now faced with the problem that both packages use the same settings keys for the credentials. Since django storages is much older, it would be prudent to either wrap the settings in its own dict (like many other packages do), or keep using the AWS_EB prefix for all settings. I prefer the first as it eliminates name conflicts quite effectively.

@melvyn-apryl melvyn-apryl mentioned this issue May 24, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@melvyn-apryl