Comments (2)
Hmm that's a good suggestion, but I'm not sure if we can do that because the prefix
method could be overridden by the developer. That seems like it could be a pretty bad experience if they change the prefix
of their functions and then they suddenly all 404 because they don't have the permissions.
Is that a tradeoff worth making? Do you have any thoughts on that?
from sidecar.
Well, I thought of this as I considered giving an update to a developer which would have meant them needing Sidecar to be working for them, i.e. they'd need to be able to deploy their own functions. So it is great you've thought of the SIDECAR_ENV, so they can work independently without breaking anyone else's work. I then realized however that that meant their laptop would now contain a dotenv file with the Sidecar AWS keys, so I just thought I'd check the scope. A bit worrying that anyone on a project working with Sidecar will have keys lying around that can potentially change any Lambdas in the account, i.e. our entire app - because it runs on Laravel Vapor, including production.
So I think it would be really good practice to limit the scope in some way by default - the "SC-" prefix would at least limit the scope to Sidecar, so might be a reasonable compromise.
I see the issue with the developer changing the prefix - but then maybe anyone concerned about AWS function names would also be the type that would not have a problem making the appropriate AWS policy changes to adapt?
Either way some documentation would be good:
- explain that by default, the policy is "open" - and how to edit the policy to limit it appropriately. (it's always so opaque trying to guess what scopes a given AWS operation requires!)
- make some default limitation, and explain how to adapt should you want to change the prefix.
BTW:
If you change the prefix, does it also override the "SC-" or just the name + environment part? It's not clear from the docs.
What about the "states" part of the policy - what is that used for?
from sidecar.
Related Issues (20)
- (weird issue) Deployment requires debug mode to deploy for the first time HOT 2
- How to deploy binaries (iconv)? HOT 1
- Upgrading to v0.4.0 resulted in Function `...` not found in environment `production`. It may exist other environments, you may need to overwrite the environment while deploying to `production`. HOT 1
- Segmentation fault when deploying HOT 9
- Container Handlers: Force redeploy if the container is updated HOT 2
- Configure action is unable to create bucket
- Invalid Request
- Webpage runtime list not in sync with README - missing Python 3.9-11, nodejs 18..etc HOT 1
- Latest Laravel version v10.21 not supported HOT 4
- In Lambda, Java containers cannot unzip zipped jar file HOT 1
- Nodejs Trace is cut off.
- User is not authorized to perform: lambda:GetLayerVersion on me-south-1
- Deploying functions with sub folders from Windows machines
- Lambda deprecating Node.js 14.x runtime HOT 1
- Getting Function `browsershot` not found in environment `staging` but fine locally HOT 2
- Upgrade maennchen.dev/ZipStream-PHP/ to v3 HOT 3
- Add support to Laravel 11 HOT 3
- Getting this weird error on Browsershot. Works fine on staginng ,but not live HOT 1
- Member must satisfy regular expression pattern HOT 1
- Error Number Value
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sidecar.