AWS Administration Guide

Security implications

Creating a dedicated AWS Identity and Access Management (IAM) role to run this Lambda function is highly recommended. The role's permissions should be limited to the single S3 bucket (and the DynamoDB table) dedicated to this project, so that a compromise of the function cannot reach anything else in the account.

Attaching a full-control managed policy such as AmazonS3FullAccess is never recommended. AmazonS3FullAccess grants the role that runs the Lambda function every S3 action on every bucket and object in your AWS account, not just the project's bucket. A function with that role can read, overwrite, or delete data in any bucket, so allowing full access to all resources puts those resources at risk.

Following is the list of permissions the IAM role needs to run this project across the required AWS services. The names are the API operations the function calls; the corresponding IAM actions carry the service prefix (s3: or dynamodb:), and each should be granted on the project's own resource ARN rather than on "*":

AWS service    Permission
S3             ListBucket, HeadBucket, GetObject, PutObject, PutObjectAcl
               (HeadBucket and ListBucket are both authorized by the s3:ListBucket action on the bucket ARN; the object actions apply to the bucket's objects, arn:aws:s3:::bucket-name/*)
DynamoDB       DescribeStream, ListStreams, Scan, GetShardIterator, GetRecords, UpdateItem
               (Scan and UpdateItem apply to the table ARN; the stream actions apply to the table's stream ARN, table-arn/stream/*)
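The following is an added example, not code from the guide or from Fortinet. It builds the scoped permissions policy described above for a hypothetical bucket and table (the names and account ID are placeholders; substitute your own), places it beside the statement that AmazonS3FullAccess amounts to, and runs a small check that flags any Allow statement with a wildcard action or an unscoped resource. The trust policy that lets lambda.amazonaws.com assume the role is separate and is not shown here.

```python
import json

# Constructed placeholder names (assumption, not from the guide): replace with your own.
BUCKET = "example-project-bucket"
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/example-project-table"


def build_policy(bucket: str, table_arn: str) -> dict:
    """Least-privilege permissions policy for the Lambda role: only the actions
    the guide lists, each granted on the one bucket or table the project uses."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # HeadBucket and ListBucket are both authorized by s3:ListBucket on the bucket ARN
                "Sid": "BucketLevel",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {   # object actions apply to keys inside the bucket, hence the /* suffix
                "Sid": "ObjectLevel",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
            {   # table-level actions go on the table ARN
                "Sid": "TableLevel",
                "Effect": "Allow",
                "Action": ["dynamodb:Scan", "dynamodb:UpdateItem"],
                "Resource": table_arn,
            },
            {   # stream actions are scoped to the table's stream ARN, not the table ARN
                "Sid": "StreamLevel",
                "Effect": "Allow",
                "Action": ["dynamodb:DescribeStream", "dynamodb:ListStreams",
                           "dynamodb:GetShardIterator", "dynamodb:GetRecords"],
                "Resource": f"{table_arn}/stream/*",
            },
        ],
    }


# What AmazonS3FullAccess amounts to: every S3 action on every resource in the account.
FULL_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def _as_list(value):
    """IAM allows Action and Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]


def overbroad_statements(policy: dict) -> list:
    """Return (Sid, reason) pairs for every Allow statement that uses a wildcard
    action or an unscoped resource. An empty list means every grant is scoped."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"Statement[{i}]")
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))
        for res in _as_list(st.get("Resource", [])):
            if res == "*":
                findings.append((sid, "resource '*' covers every resource in the account"))
    return findings


if __name__ == "__main__":
    scoped = build_policy(BUCKET, TABLE_ARN)
    print(json.dumps(scoped, indent=2))
    print("scoped policy findings:", overbroad_statements(scoped))
    print("full-access findings:", overbroad_statements(FULL_ACCESS_LIKE))
```

Run the script to print the policy document and attach it to the role as an inline or customer-managed policy; the checker is a quick gate you can run over any policy JSON before attaching it, and it reports two findings for the full-access statement (the s3:* action and the "*" resource) and none for the scoped policy.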