Álvaro Blázquez Checa

12/22/2021, 4:39 PM
Hi everyone. I am playing around with kotless. So far so good. And I am deploying my test project to aws. In order to do that I am trying to use an aws role with minimal permissions. In a real project could be problematic to use a role with full admin permissions.
For the most basic project kotless creates roles to enable lambada execution etc. But if you give iam:CreateRole permissions to “deployer role” you are giving pretty much everything to it.
has anyone faced this problem. Is there anyway to approach this without using roles or users with too broad permissions?
One solution I was thinking about is creating roles beforehand and importing them with terraform
this would imply manual step configuration before statarting with your CI/CD automation
but it is assumable