GorillaStack uses a cross-account role to connect your AWS Account to GorillaStack in order to run Rules, which is deployed using an AWS CloudFormation template.
We provide the option of customizing the template using the GorillaStack interface to restrict the available permissions to just the Actions and Triggers that you need (no CloudFormation knowledge needed!). This can be done on first-time Account Setup, or by updating the setup for already linked accounts.
The default template contains the permissions needed for all the Triggers and Actions in GorillaStack. These permissions may cover AWS services that you do not use, but in order to maintain 'the principle of least privilege', you may wish to remove the unwanted ones.
Another reason for customizing the template is to add new GorillaStack features to an existing Account Setup - this needs to be done so that the new IAM permissions are enabled for GorillaStack to run the feature in your AWS Account.
If you are first time user of GorillaStack, it's best to stay with the default setup (especially on test accounts) so you can try out the full set of Triggers and Actions. Once you are familiar with all the provided features, customizing the template is recommended so that you can declutter the Rules interface and maintain a 'principle of least privilege'.
During Account Setup, select the Customize link to begin the customization process.
If you've already installed GorillaStack, see the Updating Account Setup section for getting started.
Once you've selected Customize from the setup process, you'll be given the option of selecting which Triggers and Actions you want to include.
Once you're done, click the Apply button to continue with the create/update process, following the prompts to install or update the template in your AWS Account. GorillaStack will generate a new template with your customized account configuration.