Permissions for @turbot/aws-cloudfront

The CloudFront permissions and the grant level associated with each:

| Permission | Grant Level | Help |
| --- | --- | --- |
| acm:ListCertificates | Metadata | Required by AWS Console for distribution creation. |
| cloudfront:CreateCloudFrontOriginAccessIdentity | Admin | Cache configuration is done by Admins |
| cloudfront:CreateDistribution | Admin | Cache configuration is done by Admins |
| cloudfront:CreateDistributionWithTags | Admin | Cache configuration is done by Admins |
| cloudfront:CreateFieldLevelEncryptionConfig | Admin | Admins can create configuration that specifies the profiles to use based on content type of request or a query argument for encrypting specific data fields. |
| cloudfront:CreateFieldLevelEncryptionProfile | Admin | Admins can create Field-level encryption profiles which define the fields that are to be encrypted. |
| cloudfront:CreateInvalidation | Operator | Operators can invalidate cache entries. |
| cloudfront:CreatePublicKey | Admin | Admins can add a new public key to CloudFront to be used for field-level encryption. |
| cloudfront:CreateStreamingDistribution | Admin | Cache configuration is done by Admins |
| cloudfront:CreateStreamingDistributionWithTags | Admin | Cache configuration is done by Admins |
| cloudfront:DeleteCloudFrontOriginAccessIdentity | Admin | Cache configuration is done by Admins |
| cloudfront:DeleteDistribution | Admin | Cache configuration is done by Admins |
| cloudfront:DeleteFieldLevelEncryptionConfig | Admin | |
| cloudfront:DeleteFieldLevelEncryptionProfile | Admin | |
| cloudfront:DeletePublicKey | Admin | |
| cloudfront:DeleteStreamingDistribution | Admin | Cache configuration is done by Admins |
| cloudfront:GetCloudFrontOriginAccessIdentity | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:GetCloudFrontOriginAccessIdentityConfig | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:GetDistribution | Metadata | All CloudFront distribution info is considered Metadata. |
| cloudfront:GetDistributionConfig | Metadata | All CloudFront distribution info is considered Metadata. |
| cloudfront:GetFieldLevelEncryption | Metadata | |
| cloudfront:GetFieldLevelEncryptionConfig | Metadata | |
| cloudfront:GetFieldLevelEncryptionProfile | Metadata | |
| cloudfront:GetFieldLevelEncryptionProfileConfig | Metadata | |
| cloudfront:GetInvalidation | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:GetPublicKey | Metadata | |
| cloudfront:GetPublicKeyConfig | Admin | |
| cloudfront:GetStreamingDistribution | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:GetStreamingDistributionConfig | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:ListCloudFrontOriginAccessIdentities | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:ListDistributions | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:ListDistributionsByWebACLId | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:ListFieldLevelEncryptionConfigs | Metadata | |
| cloudfront:ListFieldLevelEncryptionProfiles | Metadata | |
| cloudfront:ListInvalidations | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:ListPublicKeys | Metadata | |
| cloudfront:ListStreamingDistributions | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:ListTagsForResource | Metadata | All CloudFront distribution info is considered Metadata |
| cloudfront:TagResource | Operator | Operators can manage tags. |
| cloudfront:UntagResource | Operator | Operators can manage tags. |
| cloudfront:UpdateCloudFrontOriginAccessIdentity | Admin | Cache configuration is done by Admins |
| cloudfront:UpdateDistribution | Admin | Cache configuration is done by Admins |
| cloudfront:UpdateFieldLevelEncryptionConfig | Admin | |
| cloudfront:UpdateFieldLevelEncryptionProfile | Admin | |
| cloudfront:UpdatePublicKey | Admin | |
| cloudfront:UpdateStreamingDistribution | Admin | Cache configuration is done by Admins |
| elasticloadbalancing:DescribeLoadBalancers | Metadata | Required by AWS Console for distribution creation. |
| iam:ListServerCertificates | Metadata | Required by AWS Console for distribution creation. |
| s3:ListAllMyBuckets | Metadata | Required by AWS Console for distribution creation. |