IAM Managed Policies

Managed IAM policies are prebaked IAM policies managed by AWS. This is nice because when AWS releases new features with new API methods, AWS will update the IAM policy accordingly and we don’t have to update the policy ourselves. Managed polices are simple to use with Jets.

Managed IAM Policies Example

Here’s an example.


Jets.deploy.configure do |config|
  config.lambda.iam.managed_policy = ["AmazonS3FullAccess", "AmazonSNSFullAccess"]

The Managed IAM Policies shorthand above ultimately get expanded and included into the CloudFormation templates and associated with the Lambda Functions. It ulimately, looks something like this:

  Type: AWS::IAM::Role
    - arn:aws:iam::aws:policy/AmazonS3FullAccess
    - arn:aws:iam::aws:policy/AmazonSNSFullAccess

More details on what a raw IAM Policies can be found at:

App Lambda Function vs User Deploy IAM Policies

The IAM Policies docs on this page refer to the IAM policy associated with your Lambda Execution Role. These permissions control what AWS resources your Lambda functions have access to. This differs from the IAM Role required to deploy. If you are looking for the minimal IAM Policy to deploy a Jets application for your IAM user, check out Minimal Deploy IAM Policy.