|
|
|
|
|
|
by mdaniel
607 days ago
|
|
|
I thank goodness I have access to a non-stupid Terraform state provider[1] so I've never tried that S3+dynamodb setup but, if I understand the situation correctly, introducing Yet Another AWS Service ™ into this mix would mandate that callers also be given a `dynamo:WriteSomething` IAM perm, which is actually different from S3 in that in S3 one can -- at their discretion -- set the policies on the bucket such that it would work without any explicit caller IAM 1: https://docs.gitlab.com/ee/user/infrastructure/iac/terraform... |
|
|