How to proactively check user permissions #1226

Closed
danotorrey opened this issue Apr 24, 2019 · 2 comments

danotorrey commented Apr 24, 2019

Question: We are building integrations with several AWS services using this SDK. Certain SDK features require very specific permissions to be present in order to function (for example: Kinesis stream subscription, which requires Kinesis and DynamoDB permissions https://docs.aws.amazon.com/streams/latest/dev/kcl-migration.html).

We would like to proactively check if a user has the needed permissions when they provide us their credentials (to avoid having our users hit a runtime error if they are missing a permission). Does the SDK support a way to check if a permission is present without requiring the user to add explicit IAM permissions? Even a check like client.userHasPermission( "kinesis:GetRecords") would be enough.

Your Environment

  • AWS Java SDK version used: Latest
  • JDK version used: 8
  • Operating System and version: macOS

danotorrey changed the title from "Proactively check user permissions" to "How to proactively check user permissions" Apr 24, 2019

@varunnvs92 (Contributor)

By Kinesis stream subscription, do you mean using the KCL library? It is not owned by the SDK team.

For SDK low-level APIs, you generally only need to add IAM permissions for that particular service. In case there are APIs that require multiple permissions, the SDK doesn't have that information during client generation, and so we don't have the feature you are asking for.

@danotorrey (Author)

@varunnvs92 Fantastic point on KCL. I had forgotten that KCL is a separate library. Makes sense.

We were looking for a "health check" type of operation that we could execute to verify that a particular credential set is valid and includes authorization to the needed service (to avoid a runtime exception during operation of our service later due to missing permissions). It looks like we will probably need to perform a test execution of each needed AWS SDK service at the time when credentials are provided in order to verify that they work.
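
One way to do the test execution described in the comment above, as an added example (not code from this thread or from the SDK team), assuming the AWS SDK for Java 2.x: each probe is one read-only call for one IAM action, and access-denied errors are separated from other failures. The class name, argument order and the chosen list of actions are assumptions for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
import software.amazon.awssdk.services.kinesis.KinesisClient;
import software.amazon.awssdk.services.sts.StsClient;

// Hypothetical helper: probes user-supplied credentials when they are entered.
public class CredentialPreflight {
    // Runs each probe once and returns action -> "OK", "DENIED" or "ERROR: <code>".
    static Map<String, String> run(Map<String, Runnable> probes) {
        Map<String, String> results = new LinkedHashMap<>();
        probes.forEach((action, probe) -> {
            try {
                probe.run();
                results.put(action, "OK");
            } catch (AwsServiceException e) { // network/client-side failures propagate to the caller
                String code = e.awsErrorDetails() != null ? e.awsErrorDetails().errorCode() : null;
                results.put(action, code != null && code.contains("AccessDenied") ? "DENIED" : "ERROR: " + code);
            }
        });
        return results;
    }

    public static void main(String[] args) {
        // Assumed arguments: accessKeyId secretKey region existingStreamName existingTableName
        StaticCredentialsProvider creds = StaticCredentialsProvider.create(AwsBasicCredentials.create(args[0], args[1]));
        Region region = Region.of(args[2]);
        String stream = args[3], table = args[4];
        try (StsClient sts = StsClient.builder().credentialsProvider(creds).region(region).build();
             KinesisClient kinesis = KinesisClient.builder().credentialsProvider(creds).region(region).build();
             DynamoDbClient ddb = DynamoDbClient.builder().credentialsProvider(creds).region(region).build()) {
            Map<String, Runnable> probes = new LinkedHashMap<>();
            // GetCallerIdentity needs no IAM permission, so a failure here means the credentials are invalid.
            probes.put("sts:GetCallerIdentity", () -> sts.getCallerIdentity());
            probes.put("kinesis:DescribeStreamSummary", () -> kinesis.describeStreamSummary(r -> r.streamName(stream)));
            probes.put("kinesis:ListShards", () -> kinesis.listShards(r -> r.streamName(stream)));
            probes.put("dynamodb:DescribeTable", () -> ddb.describeTable(r -> r.tableName(table)));
            run(probes).forEach((action, result) -> System.out.println(action + " -> " + result));
        }
    }
}
```

A passing probe only shows that one action is allowed on that resource; actions that are not probed (for example kinesis:GetRecords, which needs a shard iterator first) remain unverified until they are called.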

aws-sdk-java-automation pushed a commit that referenced this issue Mar 16, 2021
Exclude mediatailor from backwards-compatibility check as they are releasing a breaking change