Terence Kent09/27/2023, 3:22 AM
Attach theThat's a bit too much access for me to grant to flyte in most accounts, so I'd like to pair that down. I see from the Opta IaC for flyte, both those categories are provided the Opta s3 "write" access alias, which seems to translate to this:policy for now. S3 access can be tweaked later to narrow down the scope.
Does that sound about right? It seems a little narrow, I would have expected to also include things like
"s3:GetObject*", "s3:PutObject*", "s3:DeleteObject*", "s3:ListBucket"
David Espejo (he/him)09/27/2023, 10:32 AM