Fortinet Document Library

Version: 6.0.0

Security implications

It is highly recommended that you create a dedicated AWS IAM role to run this Lambda function. Limit the role's permissions so that it can operate only on the S3 bucket dedicated to this project.

Attaching a full-control policy such as 'AmazonS3FullAccess', which has full permissions to all resources under your AWS account, to the role that runs the Lambda function is never recommended. Allowing full-access permissions to all resources may put your resources at risk.

The IAM role needs the following permissions to run this project across the required AWS services:

| AWS service | Permission |
| --- | --- |
| S3 | ListBucket, HeadBucket, GetObject, PutObject, PutObjectAcl |
| DynamoDB | DescribeStream, ListStreams, Scan, GetShardIterator, GetRecords, UpdateItem |
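One way to check a role policy against the permission list above before attaching it, as an added example that is not part of the Fortinet project. The function `audit_policy`, the bucket name, account ID and table name are assumptions made for illustration, and both sample policies are constructed inputs for the checker.

```python
# Permissions the page lists for the Lambda role, written as IAM action names.
REQUIRED = {
    "s3": ["ListBucket", "HeadBucket", "GetObject", "PutObject", "PutObjectAcl"],
    "dynamodb": ["DescribeStream", "ListStreams", "Scan", "GetShardIterator",
                 "GetRecords", "UpdateItem"],
}
ALLOWED = {f"{svc}:{name}".lower() for svc, names in REQUIRED.items() for name in names}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit_policy(policy, bucket):
    """Return findings for Allow statements broader than the page's permission list."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource cannot be checked against a list")
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]  # case-insensitive
        for action in actions:
            if "*" in action or "?" in action:
                findings.append(f"wildcard action: {action}")
            elif action not in ALLOWED:
                findings.append(f"action not in required list: {action}")
        # S3 statements must stay inside the dedicated project bucket.
        if any(a == "*" or a.startswith("s3:") for a in actions):
            for res in as_list(stmt.get("Resource", [])):
                if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                    findings.append(f"S3 resource outside {bucket}: {res}")
    return findings


# Constructed sample policies (bucket, account ID and table name are placeholders).
BUCKET = "example-project-bucket"
TABLE = "arn:aws:dynamodb:us-east-1:111122223333:table/example-table"
BROAD = {"Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}
SCOPED = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:HeadBucket"],
     "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Effect": "Allow", "Action": [f"dynamodb:{n}" for n in REQUIRED["dynamodb"]],
     "Resource": [TABLE, TABLE + "/stream/*"]},
]}
```

Treat each finding as an item to review: the check reads the page's advice strictly and does not evaluate Deny statements or conditions.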
