https://pulumi.com logo
#general
Title
# general
g

gray-elephant-37695

04/15/2019, 12:27 PM
Ok answered my own question, not as magical as I thought - looks like lambda and ecs just get very open policies assigned to them.
w

white-balloon-205

04/15/2019, 1:34 PM
Yes - by default. You can customize the default roles via configuration variables. With the Lambda support in the
awsx
package, you can easily customize roles on a per-function basis as well.
g

gray-elephant-37695

04/15/2019, 2:03 PM
Thanks Luke, yeah I'm going with the awsx/aws packages for now. Are there any plans for pulumi cloud to "intelligently" apply the minimum required permissions based on how components are being used together?
w

white-balloon-205

04/15/2019, 3:33 PM
I can’t find the issue right now - but we have looked into computing minimum permissions based on captures references to specific resources. This should be possible, though you would often need to augment if you are also accessing things defined outside of Pulumi. If you want to open an issue to track, I’ll add some notes on how we’ve thought about doing this.
g

gray-elephant-37695

04/15/2019, 3:58 PM