You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the "template.yaml" file, sfExecuteAWSService role has “ds:CreateIdentityPoolDirectory” and “ds:DeleteDirectory” permissions assigned. In an enterprise environment, that does seem overly permissive. Why are those required? Perhaps there's a valid use case?
That role also has the “s3:CreateBucket” permission without any reference to an arn resource. Would it be possible to pre-provision the required bucket(s), add that resource(s) arn to the "s3:Get*" permissions?
Will removing those permissions break the functionality of the CTI adapter and associated lambdas?
The text was updated successfully, but these errors were encountered:
At the "template.yaml" file, sfExecuteAWSService role has “ds:CreateIdentityPoolDirectory” and “ds:DeleteDirectory” permissions assigned. In an enterprise environment, that does seem overly permissive. Why are those required? Perhaps there's a valid use case?
That role also has the “s3:CreateBucket” permission without any reference to an arn resource. Would it be possible to pre-provision the required bucket(s), add that resource(s) arn to the "s3:Get*" permissions?
Will removing those permissions break the functionality of the CTI adapter and associated lambdas?
The text was updated successfully, but these errors were encountered: