-
Notifications
You must be signed in to change notification settings - Fork 0
FAQ
Reto Aebersold edited this page May 10, 2022
·
4 revisions
Lola runs on Windows, macOS & Linux (Ubuntu 20.04).
We keep track of our changes here.
Lola uses the profiles stored in the .aws folder in your home directory exactly as the official AWS CLI does. Lola only reads this file to set up the SDK we use. Lola supports AWS SSO and other credential providers like aws-vault to keep your account secure.
The minimal policy for Lola looks like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"appsync:ListGraphqlApis",
"cloudformation:DescribeStacks",
"codepipeline:ListPipelines",
"cognito-idp:ListUserPools",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:Query",
"dynamodb:Scan",
"ec2:DescribeInstances",
"ecr:DescribeRepositories",
"ecs:ListClusters",
"eks:ListClusters",
"events:ListEventBuses",
"events:ListRules",
"iam:ListAccountAliases",
"iam:ListRoles",
"iam:ListUsers",
"lambda:GetFunction",
"lambda:ListFunctions",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents",
"logs:GetLogEvents",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"s3:ListAllMyBuckets",
"sns:ListTopics",
"sqs:ListQueues",
"states:ListStateMachines",
"sts:GetFederationToken"
],
"Resource": "*"
}
]
}
If you want to use Lola for only one resource type (i.e. Cloudwatch Logs) you can do that:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "LolaJustLogs",
"Effect": "Allow",
"Action": [
"iam:ListAccountAliases",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents",
"logs:GetLogEvents"
],
"Resource": "*"
}
]
}