GithubHelp home page GithubHelp logo

open-sl / serverless-permission-generator Goto Github PK

View Code? Open in Web Editor NEW
47.0 4.0 4.0 5.14 MB

An Online Application to generate AWS IAM permissions required for deploying a Serverless Framework stack.

Home Page: https://open-sl.github.io/serverless-permission-generator/

License: MIT License

HTML 3.69% CSS 0.65% JavaScript 95.66%
serverless material-ui material-ui-react hacktoberfest aws hacktoberfest2022

serverless-permission-generator's Introduction

Serverless Permission Policy Generator

An Online Application to generate AWS IAM permissions required for deploying a Serverless Framework stack.

Introduction

This application will provide you a user friendly UI to collect required resources details and a generator to build the relevant IAM policy for the collected information.

Visit the application from here

Available Features

  1. Basic permissions required for serverless application to be deployed
  2. S3 buckets created from serverless yaml
  3. SNS topics
  4. SQS
  5. Api Gateway if required
  6. Security group and VPC configuration related permission to connect to VPN
  7. Kinesis
  8. DynamoDB
  9. ALB listener and target group attachment permission required for lambdas exposed through ALBs.

How to use

  1. Enter project details and AWS account details
  2. Input required AWS resources details
  3. Click generate button
  4. Check the generated JSON
  5. Click copy button to copy values to clipboard
  6. Paste values in your IAM role permission policy

Development Guide

Prerequisites

  • git
  • npm
  • nvm (optional)
  • node v16

clone the application and install dependencies using

nvm use
npm install

run

npm start

to deploy application in localhost.

Contributing

  • We would greatly appreciate any contribution you make.
  • If you have ideas for more functionality or recipes that should be on this project, llet us know.

Project Maintainers

License

Serverless Permission Policy Generator is under the MIT license. See the License for more information.

serverless-permission-generator's People

Contributors

cbschuld avatar dekpient avatar nadunindunil avatar sachintha97 avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar

serverless-permission-generator's Issues

s3:DeleteBucketPolicy missing

On removing a project with a user that has the policy created by the generator, the s3:DeleteBucketPolicy is missing and therefore I get an error when trying to remove the cloudformation stack.

Steps to reproduce:

  1. Create a policy for a project on https://open-sl.github.io/serverless-permission-generator/
  2. Use that policy to deploy the project without entering a deployment-bucket in the serverless.yml
  3. Remove that service

Domain Manager (API Gateway)

Description

In order to use the serverless domain manager for serverless.com you need some additional IAM permissions. The team on that plugin was kind enough to denote them here:

https://www.npmjs.com/package/serverless-domain-manager

It would be wonderful to extend this tooling to have a checkbox for the Domain Manager.

I am happy to submit a PR but I am not sure covering an extension like this is something you want to cover?

Special Thanks

This is a really neat generator tool; I appreciate everyone who has worked on it!

Missing generated permissions

Prerequisites

  • Are you running the latest version?
  • Did you check the debugging guide?
  • Did you check this issue in Issue section?
  • Are you reporting to the correct repository?
  • Did you perform a cursory search?

For more information, see the CONTRIBUTING guide.

Description

The generated policy was not enough to deploy and had to add few more items manually

I had to add the following manually when pasting to AWS:

{
  "Effect": "Allow",
  "Action": "logs:PutSubscriptionFilter",
  "Resource": [
    "arn:aws:logs:<Region>:<Account ID>:log-group:/aws/lambda/*",
    "arn:aws:logs:<Region>:<Account ID>:log-group:/aws/api-gateway/*"
  ]
},
{
  "Effect": "Allow",
  "Action": "lambda:CreateEventSourceMapping",
  "Resource": "*"
}

As well, when using role per lambda plugin, i had to change the:
arn:aws:iam::<Account ID>:role/<Service>-<stage>-<region>-lambdaRole with arn:aws:iam::<Account ID>:role/<Service>-<stage>-<region>-*

HTTP API Gateway support

Hi all,

could you please add the support to HTTP API Gateway? With the current configuration I get this error:

An error occurred: HttpApi - User: <MY_USER_ARN> is not authorized to perform: apigateway:POST on resource: arn:aws:apigateway:eu-west-3::/apis (Service: AmazonApiGatewayV2; Status Code: 403; Error Code: AccessDeniedException; Request ID: <MY_REQUEST_ID>; Proxy: null).

Deployment fails when "Serverless Warmup Plugin" is used

Prerequisites

  • [ ✅] Are you running the latest version?
  • [✅ ] Did you check the debugging guide?
  • [ ✅] Did you check this issue in Issue section?
  • [ ✅] Are you reporting to the correct repository?
  • [ ✅] Did you perform a cursory search?

For more information, see the CONTRIBUTING guide.

Description

Is there a way to also factor in the Serverless Warmup Lambda deployment?
https://github.com/juanjoDiaz/serverless-plugin-warmup

Steps to Reproduce

Create a new project and import in the Serverless Warmup Plugin

Expected behavior: [What you expected to happen]

Lambda and Warmup lambda gets deployed

Actual behavior: [What actually happened]

Deployment fails

image

Versions

Latest version

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.