IAM Deployment Policies

Vokal web deployments rely on access keys and secrets created when adding IAM users through AWS. For security purposes, these credentials should have limited access within AWS which can be managed through user permissions, or policies.

To view active users, you can go to 'Services' > 'IAM' and then select 'Users' in the left column. Users created for deployment should not have login capabilities, only access keys.

User Policies

There are three permissions a user will need to complete a web deployment: uploading for s3, creating an invalidation in Cloudfront, and SES access to send the deployment email. To change these permissions, select the desired user from the list and open the 'Permissions' tab on the detail view.

Repeat these steps for each deployment user. Afterwards, consult with your project's systems engineer on getting SES setup and verifying emails for deployment notifications.