Minimal Deploy IAM Policy
The IAM user you use to run the
jets deploy command needs a minimal set of IAM policies in order to deploy a Jets application. Here is a table of the baseline services needed:
|To create the API Gateway resources.
|To create the CloudFormation stacks that then creates the most of the AWS resources that Jets creates.
|To look up DynamoDB table stream arn if using DynamoDB Events.
|To create the CloudWatch Event Rules for jobs.
|To create IAM roles to be associated with the Lambda functions.
|To prewarm the application upon deployment completion.
|To clean up CloudWatch logs when deleting the application.
|To create vanity DNS endpoint when using custom domains.
|To upload code to s3.
It is recommended that you create an IAM group and associate it with the IAM users that need access to use
jets deploy. Here are starter instructions and a policy that you can tailor for your needs. You can follow either the CLI or Console instructions.
Lambda Function vs User Deploy IAM Policies
This page refers to your user IAM policy used when running
jets deploy. These are different from the IAM Policies associated with created Lambda functions. For those iam policies refer to: