In order to allow my developers to use the Serverless Framework to deploy new AWS Lambda functions, they have to be able to create roles. I'd like to give them permissions to create roles that can only do a limited number of things, for example `s3:*`, `dynamodb:*`, `cloudfront:Update*`.
But I don't want them (RoleA) to be able to create roles (RoleB) that can do anything with EC2, IAM, etc. How might you limit this permission?
I also had the same problem; the only solution I found was to create the role to be used with Lambdas before they actually made the deployment, and provide them the Role ARN to be passed to Serverless for the Lambda deployment.
In this way, they always used the same role(s) I gave them, and on the roles I attached custom policies with only the required permission for the Lambdas to work.
You only need to grant their user permission to list and attach roles if I remember correctly, instead of the CreateRole one.
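Two checks an administrator following the approach above may want, added here as example code (not code from the post or from the Serverless Framework): an offline audit that flags any action in the pre-created Lambda role's policy that falls outside the allow-list from the question (`s3:*`, `dynamodb:*`, `cloudfront:Update*`), and a policy for the developers' IAM user or group that grants only `iam:PassRole` on that one role, conditioned on it being passed to `lambda.amazonaws.com`, so they can reference the role ARN from `serverless.yml` (`provider.iam.role`, or `provider.role` in older framework versions) without holding `iam:CreateRole`. The sample policy document, the function names and the role ARN are constructed placeholders.

```python
import fnmatch
import json

# Action patterns the Lambda role is allowed to use (from the question).
ALLOWED_ACTION_PATTERNS = ["s3:*", "dynamodb:*", "cloudfront:Update*"]


def _as_list(value):
    """IAM lets most fields be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_is_allowed(action, allowed_patterns=ALLOWED_ACTION_PATTERNS):
    """Return True only if everything the action string can match is covered
    by one allowed pattern.

    IAM action names are case-insensitive, so comparison is lower-cased.
    A wildcard action ("ec2:*", "s3:Get*", "*") is accepted only when it sits
    inside the prefix of an allowed pattern that itself ends in "*"; a plain
    action is matched with shell-style globbing against each pattern."""
    a = action.lower()
    for pattern in allowed_patterns:
        p = pattern.lower()
        if "*" in a or "?" in a:
            if p.endswith("*") and a.startswith(p[:-1]):
                return True
        elif fnmatch.fnmatchcase(a, p):
            return True
    return False


def audit_policy(policy_document, allowed_patterns=ALLOWED_ACTION_PATTERNS):
    """Return the sorted list of grants in Allow statements that escape the
    allow-list. A statement using NotAction is reported as "NotAction": it
    grants everything except the listed actions, so it can never be shown to
    stay within the allowed set. Deny statements only narrow the grant and
    are skipped."""
    offending = set()
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            offending.add("NotAction")
        for action in _as_list(stmt.get("Action")):
            if not action_is_allowed(action, allowed_patterns):
                offending.add(action)
    return sorted(offending)


def developer_pass_role_policy(lambda_role_arn):
    """Policy for the developers' user/group (hypothetical helper): they may
    hand the pre-created role to Lambda and read it back, nothing more.
    iam:CreateRole is deliberately absent."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PassOnlyThePrecreatedRoleToLambda",
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": lambda_role_arn,
                # Without this condition the role could be passed to any service.
                "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}},
            },
            {"Sid": "ReadTheRole", "Effect": "Allow", "Action": "iam:GetRole", "Resource": lambda_role_arn},
            # iam:ListRoles does not accept a resource-level restriction.
            {"Sid": "ListRoles", "Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*"},
        ],
    }


# Constructed sample: what an over-broad Lambda role policy might look like.
SAMPLE_LAMBDA_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "dynamodb:PutItem", "cloudfront:UpdateDistribution"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:RunInstances", "iam:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print("Actions outside the allow-list:", audit_policy(SAMPLE_LAMBDA_ROLE_POLICY))
    # Placeholder account id and role name.
    arn = "arn:aws:iam::123456789012:role/lambda-exec-example"
    print(json.dumps(developer_pass_role_policy(arn), indent=2))
```

Run the audit against each pre-created role's inline and attached policy documents before handing out the ARN; an empty list means every Allow grant stays inside the patterns, and any `NotAction` statement is reported because it cannot be bounded that way.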