AWS user with minimal permissions to deploy Webiny and automated deployment question

Hi.

For the sake of security I’ve made a CloudFormation template that delivers CLI user credentials with as minimal permissions as I was able to find to deploy Webiny on AWS. I’ve done a kind of reverse engineering, following the CloudTrail API call records. Then I tested it by doing a real Webiny deployment on my AWS account with these credentials and adding all missing credentials found in the Webiny log. I’m happy to hear any suggestions from Webiny developers.

Also, I started thinking about how to automate the deployment process with some CI/CD pipeline. It’s probably not the best idea to keep the entire Webiny in my own GitHub repo, so what may be a better solution? Patches on Webiny with my own config files?

4 Likes
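The approach described in the post above, deriving a minimal policy from recorded CloudTrail API calls, can be sketched as follows. This is an added example, not the poster's template or Webiny code; the sample records, the ARNs and the service-prefix mapping are constructed assumptions.

```python
import json
import re
from collections import defaultdict

# Assumption: the first label of eventSource is the IAM service prefix, except
# for known mismatches listed here (CloudWatch is logged as "monitoring").
PREFIX_OVERRIDES = {"monitoring": "cloudwatch"}
# Lambda event names in CloudTrail carry an API-version suffix that IAM actions lack.
VERSION_SUFFIX = re.compile(r"\d{8}(v\d+)?$")
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

DEPLOYER = "arn:aws:iam::111122223333:user/deployer"     # constructed ARN
OTHER = "arn:aws:iam::111122223333:user/someone-else"    # constructed ARN

def _ev(source, name, arn, error=None):
    """Build a constructed record in CloudTrail's record shape (not real log data)."""
    rec = {"eventSource": source, "eventName": name, "userIdentity": {"arn": arn}}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_EVENTS = [
    _ev("lambda.amazonaws.com", "CreateFunction20150331", DEPLOYER),
    _ev("lambda.amazonaws.com", "UpdateFunctionCode20150331v2", DEPLOYER),
    _ev("s3.amazonaws.com", "CreateBucket", DEPLOYER),
    _ev("monitoring.amazonaws.com", "PutMetricAlarm", DEPLOYER),
    _ev("iam.amazonaws.com", "CreateRole", DEPLOYER, error="AccessDenied"),
    _ev("iam.amazonaws.com", "DeleteUser", OTHER),
]

def iam_action(event):
    """Map one CloudTrail record to an IAM action name (approximate mapping)."""
    service = event["eventSource"].split(".")[0]
    service = PREFIX_OVERRIDES.get(service, service)
    return f"{service}:{VERSION_SUFFIX.sub('', event['eventName'])}"

def denied_actions(events, user_arn):
    """Actions the user attempted but was refused: the still-missing permissions."""
    return sorted({iam_action(e) for e in events
                   if e.get("userIdentity", {}).get("arn") == user_arn
                   and e.get("errorCode") in DENIED_CODES})

def build_policy(events, user_arn):
    """Collect every action the user called (allowed or denied) into a policy."""
    by_service = defaultdict(set)
    for e in events:
        if e.get("userIdentity", {}).get("arn") == user_arn:
            action = iam_action(e)
            by_service[action.split(":")[0]].add(action)
    # Resource "*" is a starting point only; narrow it to the deployed ARNs.
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": sorted(a), "Resource": "*"}
                          for _, a in sorted(by_service.items())]}

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_EVENTS, DEPLOYER), indent=2))
```

CloudTrail event names do not always match IAM action names one to one, so the generated policy still needs a test deployment to confirm it.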

Wow! Love it! This is an ongoing issue, and we just can’t catch our breath to get to those permissions.
This is great help and we’ll give it another test and see how to incorporate it into the Quick Start guide. Thank you so much!

Regarding CI/CD:
I’m not sure what exactly you are referring to: your own project created with Webiny, or the actual Webiny repo?

Also, there is an issue with the state files created by the serverless components, located in api/.serverless and apps/.serverless; the problem is you don’t want them in your public GitHub repo. We’re in touch with the Serverless team, awaiting some news from their side regarding the whole deployment process. So for now we’re not making any moves towards CI/CD because we’re not sure what Serverless is up to.

Let’s keep this as is for now, just to get more info and make an informed move based on their decisions/strategy.

Cheers!

Hi @pavel,

Thanks for the response and sorry for the late reply.

I’m happy you found my CloudFormation template useful. It probably still lacks some permissions, as I tested it during creation/update of the api and apps on a production environment. However, it’s probably a good base to start from, and I think it will be easy for you to update it as you’re familiar with the Webiny code and the AWS API calls that it makes.

In the near future I will provide a graph showing the general concept of the CI/CD idea that came to my mind. I hope I’ll get some advice, as I’m not really familiar with the npm package manager.

Cheers,
Peter

1 Like