Minimum IAM Policy required for Deploying to AWS Beanstalk.
Important: The Application and Environment must be previously created by the Account Administrator and should not be handled to GeneXus Deploy.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:*",
"cloudformation:*",
"ec2:*",
"elasticbeanstalk:CreateStorageLocation"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticbeanstalk:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticbeanstalk:*::solutionstack/*",
"arn:aws:elasticbeanstalk:us-east-1:ACCOUNT_NUMBER:application/APPLICATION_NAME",
"arn:aws:elasticbeanstalk:us-east-1:ACCOUNT_NUMBER:applicationversion/APPLICATION_NAME/*",
"arn:aws:elasticbeanstalk:us-east-1:ACCOUNT_NUMBER:environment/APPLICATION_NAME/*",
"arn:aws:elasticbeanstalk:us-east-1:ACCOUNT_NUMBER:template/APPLICATION_NAME/*"
]
},
{
"Action": [
"s3:GetObject",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:GetBucketPolicy",
"s3:GetObjectAcl",
"s3:ListBucket",
"s3:PutBucketPolicy",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*/*"
]
}
]
}