Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dominodatalab/deployer-iam-policies
Restrictive IAM Policies for the Domino Deployer
https://github.com/dominodatalab/deployer-iam-policies
Last synced: 29 days ago
JSON representation
Restrictive IAM Policies for the Domino Deployer
- Host: GitHub
- URL: https://github.com/dominodatalab/deployer-iam-policies
- Owner: dominodatalab
- Created: 2020-09-02T22:12:45.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2022-12-15T19:18:57.000Z (about 2 years ago)
- Last Synced: 2023-08-07T03:05:38.530Z (over 1 year ago)
- Language: HCL
- Size: 5.86 KB
- Stars: 0
- Watchers: 14
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# deployer-iam-policies
Restrictive IAM Policies for the Domino DeployerThese are IAM policies that attempt to minimize the permissions required to perform a Domino deployment.
It is distributed as a terraform module with the following variables:
* aws\_region [required]: AWS region (ie us-west-2)
* stage [default: domino]: Domino Deployment "stage" name (ie "domino-example"); can be a prefix (ie "domino" for "domino-example"), as it's globbed
* create\_user [default: false]: Create an IAM user for deployment, with access keys, associated with these policies
* dev [default: false]: Extra policies for route53 hosted zone support, used for internal developmentHowever, if you want to apply the policies directly you'll want to fill out the one templated variable: stage
You can do this easily for each policy file with sed:
```
cat iam-policy-a.json | sed 's/${stage}/domino/g' > iam-policy-a-complete.txt
cat iam-policy-b.json | sed 's/${stage}/domino/g' > iam-policy-b-complete.txt
```