From 0b498d1ae6567f6f2f8a9fa4cd86ab822e4d939a Mon Sep 17 00:00:00 2001
From: stdoutput <moritz.sanft@outlook.de>
Date: Fri, 17 Mar 2023 09:14:45 +0100
Subject: [PATCH] add minimal aws permissions

---
 docs/docs/workflows/config.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md
index 4048e7a97..36e88696f 100644
--- a/docs/docs/workflows/config.md
+++ b/docs/docs/workflows/config.md
@@ -114,6 +114,9 @@ Since `clientSecretValue` is a sensitive value, you can leave it empty in the co
 
 You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session.
 
+Your GCP account also needs to have at least the following permissions:
+* `iam.serviceAccounts.create`
+
 ```bash
 constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test
 ```
@@ -129,6 +132,27 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml`
 
 You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session.
 
+Your AWS account also needs to have at least the following permissions:
+* `iam:CreatePolicy`
+* `iam:CreateRole`
+* `iam:GetPolicy`
+* `iam:GetRole`
+* `iam:GetPolicyVersion`
+* `iam:ListRolePolicies`
+* `iam:ListAttachedRolePolicies`
+* `iam:ListPolicyVersions`
+* `iam:ListInstanceProfilesForRole`
+* `iam:DeletePolicy`
+* `iam:DeleteRole`
+* `iam:AttachRolePolicy`
+* `iam:CreateInstanceProfile`
+* `iam:GetInstanceProfile`
+* `iam:RemoveRoleFromInstanceProfile`
+* `iam:DetachRolePolicy`
+* `iam:DeleteInstanceProfile`
+* `iam:AddRoleToInstanceProfile`
+* `iam:PassRole`
+
 ```bash
 constellation iam create aws --zone=eu-central-1a --prefix=constellTest
 ```