From 0b498d1ae6567f6f2f8a9fa4cd86ab822e4d939a Mon Sep 17 00:00:00 2001 From: stdoutput Date: Fri, 17 Mar 2023 09:14:45 +0100 Subject: [PATCH] add minimal aws permissions --- docs/docs/workflows/config.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md index 4048e7a97..36e88696f 100644 --- a/docs/docs/workflows/config.md +++ b/docs/docs/workflows/config.md @@ -114,6 +114,9 @@ Since `clientSecretValue` is a sensitive value, you can leave it empty in the co You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session. +Your GCP account also needs to have at least the following permissions: +* `iam.serviceAccounts.create` + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test ``` @@ -129,6 +132,27 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session. +Your AWS account also needs to have at least the following permissions: +* `iam:CreatePolicy` +* `iam:CreateRole` +* `iam:GetPolicy` +* `iam:GetRole` +* `iam:GetPolicyVersion` +* `iam:ListRolePolicies` +* `iam:ListAttachedRolePolicies` +* `iam:ListPolicyVersions` +* `iam:ListInstanceProfilesForRole` +* `iam:DeletePolicy` +* `iam:DeleteRole` +* `iam:AttachRolePolicy` +* `iam:CreateInstanceProfile` +* `iam:GetInstanceProfile` +* `iam:RemoveRoleFromInstanceProfile` +* `iam:DetachRolePolicy` +* `iam:DeleteInstanceProfile` +* `iam:AddRoleToInstanceProfile` +* `iam:PassRole` + ```bash constellation iam create aws --zone=eu-central-1a --prefix=constellTest ```
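Review bot: In the GCP hunk (@@ -114,6 +114,9) the added sentence promises "at least the following permissions", but the list has a single entry, `iam.serviceAccounts.create`, and the commit subject mentions only AWS. Please confirm that creating the service account is the only IAM operation `constellation iam create gcp` performs with the caller's credentials; if it does anything else on the project, those permissions belong in this list too. It would also help to say that the permission is needed on the project passed as `--projectID`, since "your GCP account" does not tell the reader where to grant it. Either mention GCP in the subject or move this hunk to its own commit.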
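Review bot: In the AWS hunk (@@ -129,6 +132,27) the list includes `iam:PassRole`, `iam:AttachRolePolicy` and `iam:CreatePolicy` with no statement of resource scope, so a reader will most likely grant them on all resources, which is well beyond what a "minimal" set should allow. Since the command takes `--prefix=constellTest`, please state whether these actions can be limited to roles, policies and instance profiles named with that prefix, and if so document that restriction next to the list. The list also carries delete actions (`iam:DeletePolicy`, `iam:DeleteRole`, `iam:DeleteInstanceProfile`, `iam:DetachRolePolicy`, `iam:RemoveRoleFromInstanceProfile`) under a section that documents `iam create`; one sentence on why they are required would help. Grouping or sorting the 19 entries would make them easier to audit against an actual policy.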