Permissions for @turbot/aws-cloudfront
Taking a look at permissions and associated grant levels for each permission for CloudFront:
Permission | Grant Level | Help |
---|---|---|
acm:ListCertificates | Metadata | Required by AWS Console for distribution creation. |
cloudfront:CreateCloudFrontOriginAccessIdentity | Admin | Cache configuration is done by Admins |
cloudfront:CreateDistribution | Admin | Cache configuration is done by Admins |
cloudfront:CreateDistributionWithTags | Admin | Cache configuration is done by Admins |
cloudfront:CreateFieldLevelEncryptionConfig | Admin | Admins can create configuration that specifies the profiles to use based on content type of request or a query argument for encrypting specific data fields. |
cloudfront:CreateFieldLevelEncryptionProfile | Admin | Admins can create Field-level encryption profiles which define the fields that are to be encrypted. |
cloudfront:CreateInvalidation | Operator | Operators can invalidate cache entries. |
cloudfront:CreatePublicKey | Admin | Admins can add a new public key to CloudFront to be used for field-level encryption. |
cloudfront:CreateStreamingDistribution | Admin | Cache configuration is done by Admins |
cloudfront:CreateStreamingDistributionWithTags | Admin | Cache configuration is done by Admins |
cloudfront:DeleteCloudFrontOriginAccessIdentity | Admin | Cache configuration is done by Admins |
cloudfront:DeleteDistribution | Admin | Cache configuration is done by Admins |
cloudfront:DeleteFieldLevelEncryptionConfig | Admin | |
cloudfront:DeleteFieldLevelEncryptionProfile | Admin | |
cloudfront:DeletePublicKey | Admin | |
cloudfront:DeleteStreamingDistribution | Admin | Cache configuration is done by Admins |
cloudfront:GetCloudFrontOriginAccessIdentity | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:GetCloudFrontOriginAccessIdentityConfig | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:GetDistribution | Metadata | All CloudFront distribution info is considered Metadata. |
cloudfront:GetDistributionConfig | Metadata | All CloudFront distribution info is considered Metadata. |
cloudfront:GetFieldLevelEncryption | Metadata | |
cloudfront:GetFieldLevelEncryptionConfig | Metadata | |
cloudfront:GetFieldLevelEncryptionProfile | Metadata | |
cloudfront:GetFieldLevelEncryptionProfileConfig | Metadata | |
cloudfront:GetInvalidation | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:GetPublicKey | Metadata | |
cloudfront:GetPublicKeyConfig | Admin | |
cloudfront:GetStreamingDistribution | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:GetStreamingDistributionConfig | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:ListCloudFrontOriginAccessIdentities | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:ListDistributions | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:ListDistributionsByWebACLId | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:ListFieldLevelEncryptionConfigs | Metadata | |
cloudfront:ListFieldLevelEncryptionProfiles | Metadata | |
cloudfront:ListInvalidations | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:ListPublicKeys | Metadata | |
cloudfront:ListStreamingDistributions | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:ListTagsForResource | Metadata | All CloudFront distribution info is considered Metadata |
cloudfront:TagResource | Operator | Operators can manage tags. |
cloudfront:UntagResource | Operator | Operators can manage tags. |
cloudfront:UpdateCloudFrontOriginAccessIdentity | Admin | Cache configuration is done by Admins |
cloudfront:UpdateDistribution | Admin | Cache configuration is done by Admins |
cloudfront:UpdateFieldLevelEncryptionConfig | Admin | |
cloudfront:UpdateFieldLevelEncryptionProfile | Admin | |
cloudfront:UpdatePublicKey | Admin | |
cloudfront:UpdateStreamingDistribution | Admin | Cache configuration is done by Admins |
elasticloadbalancing:DescribeLoadBalancers | Metadata | Required by AWS Console for distribution creation. |
iam:ListServerCertificates | Metadata | Required by AWS Console for distribution creation. |
s3:ListAllMyBuckets | Metadata | Required by AWS Console for distribution creation. |