I'm not sure what permissions are needed to create a UserPool. There are no AWS managed policies for creating/updating/deleting a UserPool. In the description of one of the managed Cognito policies, it says:

> You will need AWS account admin privileges to create new Cognito resources.

For my testing, I used the AdministratorAccess managed policy.

To follow the principle of least privilege, it's not clear which actions Crossplane needs access to. Here is a list of some areas that it might touch:

* cognito-identity
* cognito-idp
* cognito-sync
* iam
* kinesis
* lambda
* sns
* ses
* mobiletargeting
* acm
* sms-voice
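One way to narrow this list is to record what the provider's credentials actually call during a test run and draft a policy from that. The following is an added example, not part of the original README or of Crossplane. The role name `crossplane-test`, the account ID and the CloudTrail records are constructed, and they do not state which APIs Crossplane really calls.

```python
import json
from collections import defaultdict

ROLE = ":assumed-role/crossplane-test/"  # hypothetical role used for the test run
_P = "arn:aws:sts::111122223333:assumed-role/crossplane-test/provider-aws"
_OTHER = "arn:aws:iam::111122223333:user/console-user"

def _ev(source, name, arn):
    # Only the CloudTrail record fields this example reads.
    return {"eventSource": source, "eventName": name, "userIdentity": {"arn": arn}}

# Constructed sample records; in practice, load the "Records" array of a
# CloudTrail log file covering the window of the test run.
SAMPLE_EVENTS = [
    _ev("cognito-idp.amazonaws.com", "CreateUserPool", _P),
    _ev("cognito-idp.amazonaws.com", "DescribeUserPool", _P),
    _ev("cognito-idp.amazonaws.com", "DescribeUserPool", _P),   # repeat, deduplicated
    _ev("iam.amazonaws.com", "GetRole", _P),
    _ev("cognito-idp.amazonaws.com", "ListUserPools", _OTHER),  # other principal, ignored
    _ev("cognito-idp.amazonaws.com", "DeleteUserPool", _P),
]

def service_prefix(event_source):
    # Assumption: the IAM prefix equals the first DNS label of eventSource.
    # This does not hold for every service; check each prefix before use.
    return event_source.split(".", 1)[0]

def observed_actions(events, principal_fragment):
    """Group API calls made by the matching principal by service prefix."""
    actions = defaultdict(set)
    for ev in events:
        arn = ev.get("userIdentity", {}).get("arn", "")
        if principal_fragment in arn:
            actions[service_prefix(ev["eventSource"])].add(ev["eventName"])
    return actions

def draft_policy(actions):
    """Build a draft IAM policy, one statement per service."""
    statements = [{
        "Effect": "Allow",
        # eventName usually matches the IAM action name, but not always.
        "Action": [f"{svc}:{name}" for name in sorted(actions[svc])],
        "Resource": "*",  # draft only: narrow to specific ARNs before attaching
    } for svc in sorted(actions)]
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    print(json.dumps(draft_policy(observed_actions(SAMPLE_EVENTS, ROLE)), indent=2))
```

The draft only covers code paths exercised during the recorded run, so create, update and delete should all be driven through Crossplane before the policy is trusted.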