Minimal IAM Permissions for Launchpad
Launchpad for Data Fusion Community Edition requires AWS access keys. When creating access keys using IAM, what are the permissions that Launchpad requires? I know that the "AdministratorAccess" policy is sufficient, but is there a more minimal set of permissions that are recommended?
Best Answer
Hi Andrew,
We use terraform.io to build the infrastructure in AWS - it does need to create, read, update, and delete these resources -
resource "aws_key_pair" "launchpad-provision" resource "aws_instance" "master" resource "aws_instance" "slave_1" resource "aws_instance" "slave_2" resource "aws_security_group" "datafusion-public" resource "aws_security_group" "datafusion-private" resource "aws_security_group" "datafusion-inter-private" resource "aws_security_group" "datafusion-private-to-public" resource "aws_vpc" "datafusion" resource "aws_internet_gateway" "public" resource "aws_subnet" "datafusion-public-subnet" resource "aws_route_table" "public" resource "aws_route_table_association" "public" resource "aws_eip" "nat" resource "aws_nat_gateway" "nat"
Terraform doesn't have a way to output a nice policy document, but this should get you started. Let me know if you come up with something or would like some help with it.
Thanks,
-Eric