## AWS Permissions
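If you are deploying from a restricted AWS account, the identity that runs the deployment needs the following IAM actions allowed. Grant them only to that identity and, where you can, limit `Resource` to what the deployment manages rather than `*`; this matters most for `iam:CreateRole`, `iam:AttachRolePolicy` and `iam:PassRole`, which, left unscoped, let the holder create a role, attach any policy to it and hand it to a service.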
```
"acm:DescribeCertificate", // only for custom domains
"acm:ListCertificates", // only for custom domains
"acm:RequestCertificate", // only for custom domains
"cloudfront:CreateCloudFrontOriginAccessIdentity",
"cloudfront:CreateDistribution",
"cloudfront:CreateInvalidation",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:ListCloudFrontOriginAccessIdentities",
"cloudfront:ListDistributions",
"cloudfront:ListDistributionsByLambdaFunction",
"cloudfront:ListDistributionsByWebACLId",
"cloudfront:ListFieldLevelEncryptionConfigs",
"cloudfront:ListFieldLevelEncryptionProfiles",
"cloudfront:ListInvalidations",
"cloudfront:ListPublicKeys",
"cloudfront:ListStreamingDistributions",
"cloudfront:UpdateDistribution",
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:CreateServiceLinkedRole",
"iam:GetRole",
"iam:PassRole",
"lambda:CreateFunction",
"lambda:EnableReplication",
"lambda:DeleteFunction", // only for custom domains
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:PublishVersion",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"route53:ChangeResourceRecordSets", // only for custom domains
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets", // only for custom domains
"s3:CreateBucket",
"s3:GetAccelerateConfiguration",
"s3:GetObject", // only if persisting state to S3 for CI/CD
"s3:HeadBucket",
"s3:ListBucket",
"s3:PutAccelerateConfiguration",
"s3:PutBucketPolicy",
"s3:PutObject"
```