open-sl / serverless-permission-generator Goto Github PK

It's been over a year since any contributions were made, so just taking the project's pulse.

Hi all,

could you please add the support to HTTP API Gateway? With the current configuration I get this error:

An error occurred: HttpApi - User: <MY_USER_ARN> is not authorized to perform: apigateway:POST on resource: arn:aws:apigateway:eu-west-3::/apis (Service: AmazonApiGatewayV2; Status Code: 403; Error Code: AccessDeniedException; Request ID: <MY_REQUEST_ID>; Proxy: null).

On removing a project with a user that has the policy created by the generator, the s3:DeleteBucketPolicy is missing and therefore I get an error when trying to remove the cloudformation stack.

Steps to reproduce:

1. Create a policy for a project on https://open-sl.github.io/serverless-permission-generator/
2. Use that policy to deploy the project without entering a deployment-bucket in the serverless.yml
3. Remove that service

Hi all,

serverless framework supports those two systems in order to include secrets into your serverless application via env variables. It would be cool to have support for them into the configuration!

Prerequisites

• [ ✅] Are you running the latest version?
• [✅ ] Did you check the debugging guide?
• [ ✅] Did you check this issue in Issue section?
• [ ✅] Are you reporting to the correct repository?
• [ ✅] Did you perform a cursory search?

For more information, see the CONTRIBUTING guide.

Description

Is there a way to also factor in the Serverless Warmup Lambda deployment?
https://github.com/juanjoDiaz/serverless-plugin-warmup

Steps to Reproduce

Create a new project and import in the Serverless Warmup Plugin

Expected behavior: [What you expected to happen]

Lambda and Warmup lambda gets deployed

Actual behavior: [What actually happened]

Deployment fails

Versions

Latest version

Description

In order to use the serverless domain manager for serverless.com you need some additional IAM permissions. The team on that plugin was kind enough to denote them here:

https://www.npmjs.com/package/serverless-domain-manager

It would be wonderful to extend this tooling to have a checkbox for the Domain Manager.

I am happy to submit a PR but I am not sure covering an extension like this is something you want to cover?

Special Thanks

This is a really neat generator tool; I appreciate everyone who has worked on it!

Suggestion Only

Would be nice to store the original parameters in localStorage as iterating on changes is uncomfortable and having it store the account id would be a nice user experience

Prerequisites

• Are you running the latest version?
• Did you check the debugging guide?
• Did you check this issue in Issue section?
• Are you reporting to the correct repository?
• Did you perform a cursory search?

For more information, see the CONTRIBUTING guide.

Description

The generated policy was not enough to deploy and had to add few more items manually

I had to add the following manually when pasting to AWS:

{
  "Effect": "Allow",
  "Action": "logs:PutSubscriptionFilter",
  "Resource": [
    "arn:aws:logs:<Region>:<Account ID>:log-group:/aws/lambda/*",
    "arn:aws:logs:<Region>:<Account ID>:log-group:/aws/api-gateway/*"
  ]
},
{
  "Effect": "Allow",
  "Action": "lambda:CreateEventSourceMapping",
  "Resource": "*"
}

As well, when using role per lambda plugin, i had to change the:
arn:aws:iam::<Account ID>:role/<Service>-<stage>-<region>-lambdaRole with arn:aws:iam::<Account ID>:role/<Service>-<stage>-<region>-*

We need to set up unit tests for all react components and generator algorithms.