Permissions for @turbot/aws-qldb
Taking a look at permissions and associated grant levels for each permission for QLDB:
| Permission | Grant Level | Help |
|---|---|---|
| iam:ListRoles | Metadata | |
| kms:DescribeKey | Metadata | |
| kms:ListAliases | Metadata | |
| qldb:CreateLedger | Admin | |
| qldb:DeleteLedger | Admin | |
| qldb:DescribeJournalS3Export | Metadata | |
| qldb:DescribeLedger | Metadata | |
| qldb:ExecuteStatement | Admin | |
| qldb:ExportJournalToS3 | Admin | |
| qldb:GetBlock | Metadata | |
| qldb:GetDigest | Metadata | |
| qldb:GetRevision | Metadata | |
| qldb:InsertSampleData | Admin | |
| qldb:ListJournalS3Exports | Metadata | |
| qldb:ListJournalS3ExportsForLedger | Metadata | |
| qldb:ListLedgers | Metadata | |
| qldb:ListTagsForResource | Metadata | |
| qldb:SendCommand | Admin | |
| qldb:ShowCatalog | Admin | |
| qldb:TagResource | Operator | |
| qldb:UntagResource | Operator | |
| qldb:UpdateLedger | Admin | |
| s3:GetBucketLocation | Metadata | |
| s3:ListAllMyBuckets | Metadata |