How to find IAM access permissions needed to launch a CloudFormation template?

Hi there,

I have created an AWS CloudFormation template using an account with all privileges, and therefore did not face any difficulty in launching it. But now I would like to give my template to other people so that they can run it with the minimum privileges required to launch the template. Now, my problem is that I am not able to filter which privileges other people would need to launch my template. Is there a simple solution to this? I came across something called IAM Access Analyzer, but thought of asking here to get a simpler solution. Thanks in advance!

1 Answer

As far as I'm aware, there's no easy option where you can provide a template and it will tell you what permissions you need.

There are a couple of options though:

  1. Look through the documentation for each service and identify the permissions you'll need to manage a resource - https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html is a useful document for this.
  2. You could deploy the template with a specific IAM role, then use CloudTrail to review the actions that were carried out.

Don't forget you don't just need actions to create the resources, but also to query, update and delete.

answered 8 months ago
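
Option 2 above, as an added example that is not part of the original answer: a Python sketch that reduces CloudTrail records from a create, update and delete run of the stack to a draft policy for the deployment role. The role ARN, account ID and sample records are constructed, the `PREFIX_OVERRIDES` table is a partial assumption, and every derived name is only a candidate to check against the Service Authorization Reference linked above, because some CloudTrail event names differ from the IAM action name.

```python
import json
from collections import defaultdict

# Hypothetical role used only for the test deployment (placeholder account ID).
ROLE_ARN = "arn:aws:iam::111122223333:role/cfn-deploy-test"

def _event(source, name, role_arn=ROLE_ARN):
    """Constructed record carrying only the CloudTrail fields used below."""
    return {"eventSource": source, "eventName": name,
            "userIdentity": {"type": "AssumedRole",
                             "sessionContext": {"sessionIssuer": {"arn": role_arn}}}}

# Constructed sample data, not real log output.
SAMPLE_EVENTS = [
    _event("s3.amazonaws.com", "CreateBucket"),
    _event("iam.amazonaws.com", "CreateRole"),
    _event("monitoring.amazonaws.com", "PutMetricAlarm"),
    _event("s3.amazonaws.com", "CreateBucket"),   # repeated call
    _event("s3.amazonaws.com", "DeleteBucket"),   # recorded during stack deletion
    _event("ec2.amazonaws.com", "RunInstances",
           role_arn="arn:aws:iam::111122223333:role/other"),  # different role
]

# eventSource prefixes that differ from the IAM service prefix (partial list).
PREFIX_OVERRIDES = {"monitoring": "cloudwatch"}

def candidate_actions(events, role_arn):
    """Return sorted, de-duplicated 'service:Action' names called via role_arn."""
    actions = set()
    for ev in events:
        issuer = (ev.get("userIdentity", {}).get("sessionContext", {})
                    .get("sessionIssuer", {}).get("arn"))
        if issuer != role_arn:
            continue  # ignore activity from other principals
        service = ev["eventSource"].split(".")[0]
        service = PREFIX_OVERRIDES.get(service, service)
        actions.add(f"{service}:{ev['eventName']}")
    return sorted(actions)

def draft_policy(actions):
    """Group actions per service; Resource '*' is a starting point to narrow."""
    by_service = defaultdict(list)
    for action in actions:
        by_service[action.split(":")[0]].append(action)
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": acts, "Resource": "*"}
                          for _, acts in sorted(by_service.items())]}

if __name__ == "__main__":
    print(json.dumps(draft_policy(candidate_actions(SAMPLE_EVENTS, ROLE_ARN)), indent=2))
```

Only calls made while the test role was in use appear in the result, so an update or delete path that was never exercised will be missing from the draft.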