I am about to make my Github repo public and share my project with the world. That includes my
serverless.yml file contains the ARNs of my layer, DynamoDB table and S3 bucket. For example:
service: name-of-my-app frameworkVersion: '2' provider: ... iamRoleStatements: - Effect: "Allow" Action: - dynamodb:Query - dynamodb:Scan - dynamodb:GetItem - dynamodb:PutItem - dynamodb:UpdateItem - dynamodb:DeleteItem Resource: - arn:aws:dynamodb:us-east-1:12345678901:table/my_table_name - Effect: "Allow" Action: - s3:GetObject - s3:PutObject - s3:PutObjectAcl Resource: - arn:aws:s3:::my-s3-bucket-name/*
Is there anything wrong with doing this? Anything containing credentials will be private, obviously, but I am not sure if ARNs should be kept private too. If so, how do you achieve this?