
Document required IAM policy for deploying #62

@LinusU


This is what I used for setting this up via Terraform; we should add this somewhere in a nice format:

data "aws_iam_policy_document" "github_api_deploy" {
  statement {
    actions = [
      "lambda:InvokeFunction",
      "lambda:UpdateFunctionCode",
      "lambda:UpdateFunctionConfiguration",
    ]

    resources = [data.aws_lambda_function.api_test.arn]
  }

  // Everything below here is only needed when NOT specifying --no-api-gateway

  statement {
    actions   = ["lambda:AddPermission"]
    resources = ["${data.aws_lambda_function.api_test.arn}:*"]
  }

  // This is only needed when NOT specifying --rest-api-id=
  statement {
    actions   = ["apigateway:GET"]
    resources = ["arn:aws:apigateway:eu-west-1::/restapis"]
  }

  statement {
    actions   = ["apigateway:PUT"]
    resources = [data.aws_api_gateway_rest_api.api_test.arn]
  }

  statement {
    actions   = ["apigateway:POST"]
    resources = ["${data.aws_api_gateway_rest_api.api_test.arn}/deployments"]
  }
}
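
The flag-dependent comments in the policy above, turned into a generator that emits only the statements a given deploy mode needs. This is an added example, not part of the original issue or the project's code: `deploy_policy`, `granted_actions` and their parameter names are hypothetical, the ARNs are constructed samples, and the mapping of flags to statements follows the comments in the Terraform snippet.

```python
import json

# Constructed sample ARNs (placeholders, not taken from the issue).
LAMBDA_ARN = "arn:aws:lambda:eu-west-1:123456789012:function:api-test"
API_ARN = "arn:aws:apigateway:eu-west-1::/restapis/abc123defg"


def _allow(actions, resources):
    return {"Effect": "Allow", "Action": actions, "Resource": resources}


def deploy_policy(lambda_arn, rest_api_arn=None, *, region="eu-west-1",
                  no_api_gateway=False, rest_api_id_given=False):
    """Build the IAM policy document (as a dict) for one deploy mode.

    no_api_gateway    -- deploy runs with --no-api-gateway
    rest_api_id_given -- deploy runs with --rest-api-id=<id>
    """
    statements = [_allow(
        ["lambda:InvokeFunction", "lambda:UpdateFunctionCode",
         "lambda:UpdateFunctionConfiguration"],
        [lambda_arn],
    )]
    if not no_api_gateway:
        if rest_api_arn is None:
            raise ValueError("rest_api_arn is required unless no_api_gateway is set")
        statements.append(_allow(["lambda:AddPermission"], [f"{lambda_arn}:*"]))
        if not rest_api_id_given:
            # Listing REST APIs is only needed when no --rest-api-id= is passed.
            statements.append(_allow(
                ["apigateway:GET"], [f"arn:aws:apigateway:{region}::/restapis"]))
        statements.append(_allow(["apigateway:PUT"], [rest_api_arn]))
        statements.append(_allow(["apigateway:POST"], [f"{rest_api_arn}/deployments"]))
    return {"Version": "2012-10-17", "Statement": statements}


def granted_actions(policy):
    """Flatten a policy document into the set of actions it allows."""
    return {a for s in policy["Statement"] for a in s["Action"]}


if __name__ == "__main__":
    # Print the narrowest variant: Lambda-only deploys.
    print(json.dumps(deploy_policy(LAMBDA_ARN, no_api_gateway=True), indent=2))
```
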
