Baisc Permission for execution


#1

Hi,
I have a scenario where we have a user created by IAM and we want to give basic permissions to that users such that he cannot view or modify the functions or services of the root user.
can anyone suggest me the best way to do it ?


#2

Sounds like you should be deploying those resource in to a separate AWS account.

Serverless requires IAM privileges to deploy a service (so that it can create the requisite IAM roles for you functions), so there’s not much you can do to lock-down a user that needs to deploy Serverless services…


#3

Thanks for the response, are you sure there is no way to do it in same account where each user is isolated and limited to just his functions (in case of Lambda ) ?


#4

@array-addu You can’t.

The best practice with Lambda is for each developer and environment to have their own AWS account.