- Story
- Resolution: Done
- Blocker
- None
- None
The documentation does not say what permissions ccoctl needs when running in STS manual mode.
I have done some research, and customers would need to add the following permissions to the user:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole",
        "s3:GetBucketTagging",
        "s3:CreateBucket",
        "s3:ListBucket",
        "iam:CreateRole",
        "iam:TagRole",
        "iam:PutRolePolicy",
        "iam:ListRoles",
        "iam:DeleteRole",
        "s3:GetBucketAcl",
        "iam:CreateOpenIDConnectProvider",
        "s3:PutObject",
        "s3:GetObjectAcl",
        "s3:GetObject",
        "s3:PutBucketTagging",
        "iam:ListOpenIDConnectProviders",
        "iam:DeleteRolePolicy",
        "s3:GetObjectTagging",
        "s3:PutBucketAcl",
        "s3:PutObjectTagging",
        "iam:GetUser",
        "s3:DeleteObject",
        "iam:ListRolePolicies",
        "iam:DeleteOpenIDConnectProvider",
        "iam:GetOpenIDConnectProvider",
        "s3:DeleteBucket",
        "iam:TagOpenIDConnectProvider",
        "s3:PutObjectAcl"
      ],
      "Resource": "*"
    }
  ]
}
```
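To verify that a customer's existing policy actually grants every action in that list before running ccoctl, here is an added Python check (not part of the issue, ccoctl, or the product documentation) that compares a policy document against the action list above, honouring IAM's `*`/`?` wildcards, and flags Allow statements whose Resource is `*` as candidates for scoping down. The function names and the trimmed `SAMPLE_POLICY` are constructed for this example.

```python
import fnmatch

# Actions the issue reporter found ccoctl needs in STS manual mode (copied from the policy above).
CCOCTL_REQUIRED_ACTIONS = [
    "iam:GetRole", "s3:GetBucketTagging", "s3:CreateBucket", "s3:ListBucket", "iam:CreateRole",
    "iam:TagRole", "iam:PutRolePolicy", "iam:ListRoles", "iam:DeleteRole", "s3:GetBucketAcl",
    "iam:CreateOpenIDConnectProvider", "s3:PutObject", "s3:GetObjectAcl", "s3:GetObject",
    "s3:PutBucketTagging", "iam:ListOpenIDConnectProviders", "iam:DeleteRolePolicy",
    "s3:GetObjectTagging", "s3:PutBucketAcl", "s3:PutObjectTagging", "iam:GetUser",
    "s3:DeleteObject", "iam:ListRolePolicies", "iam:DeleteOpenIDConnectProvider",
    "iam:GetOpenIDConnectProvider", "s3:DeleteBucket", "iam:TagOpenIDConnectProvider",
    "s3:PutObjectAcl",
]

# Constructed sample policy (not from the issue): uses wildcards and leaves several actions out.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*", "s3:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:CreateRole",
         "Resource": "arn:aws:iam::123456789012:role/example-*"},
    ],
}


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def allow_patterns(policy):
    """Lower-cased action patterns from Allow statements; IAM matches action names case-insensitively."""
    return {a.lower() for s in _as_list(policy.get("Statement"))
            if s.get("Effect") == "Allow" for a in _as_list(s.get("Action"))}


def missing_actions(policy, required=CCOCTL_REQUIRED_ACTIONS):
    """Required actions that no Allow pattern covers ('*' and '?' are IAM's wildcards, as in fnmatch)."""
    patterns = allow_patterns(policy)
    return sorted(a for a in required
                  if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))


def wildcard_resource_statements(policy):
    """Indices of Allow statements that apply to every resource; the first place to scope down."""
    return [i for i, s in enumerate(_as_list(policy.get("Statement")))
            if s.get("Effect") == "Allow" and "*" in _as_list(s.get("Resource"))]
```

This is a static check of a single identity policy only: Deny statements, permission boundaries, and SCPs are not evaluated, so treat an empty `missing_actions` result as necessary but not sufficient.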