For the sake of security I’ve made a cloudformation template that delivers cli user credentials with as minimal permissions as I was able to find to deploy Webiny on AWS. I’ve done kind of reverse engineering following the cloudtrail api calls records. Then, I’ve tested it by doing real Webiny deployment on my AWS account with these credentials and adding all missing credentials found in Webiny log. I’m happy to hear any suggestions from Webiny developers.
Also, I started thinking how to automate the deployment process with some CI/CD pipeline. It’s probably not the best idea to keep the entire Webiny in my own github repo so what may be a better solution? Patches on Webiny with my own config files?