Wraps Logo
DocsHome
Guide

IAM Permissions

View and configure the exact AWS IAM permissions required for Wraps to deploy infrastructure to your account.

5 min
View Required Permissions

Use the CLI to see exactly what permissions are needed for your configuration:

GNU Bashterminal.sh
npx @wraps.dev/cli permissions

Command Options

The permissions command supports several options to customize the output:

--json

Output the full IAM policy as JSON (ready to paste into AWS Console):

GNU Bashterminal.sh
npx @wraps.dev/cli permissions --json
--preset <name>

Get permissions for a specific preset (starter, production, or enterprise):

GNU Bashterminal.sh
npx @wraps.dev/cli permissions --preset production --json
--service <name>

Get permissions for a specific service (email, sms, or cdn):

GNU Bashterminal.sh
npx @wraps.dev/cli permissions --service email --json

Permissions by Preset

The AWS services required depend on which configuration preset you choose:

Starter
~$0.05/mo

Basic email sending with open/click tracking

IAMSTSSESCloudWatch
Production
~$2-5/mo

Full event tracking with email history storage

IAMSTSSESCloudWatchEventBridgeSQSLambdaDynamoDB
Enterprise
~$50-100/mo

All features including SMTP credentials and dedicated IP

IAMSTSSESCloudWatchEventBridgeSQSLambdaDynamoDBIAM User Management

Optional Permissions

These permissions enhance functionality but are not required:

Route53

Automatic DNS record management

Alternative: Add DNS records manually to your provider

IAM OIDC Provider

Vercel deployments (OIDC federation)

Alternative: Use AWS access keys instead

1
Generate the Policy

Save the IAM policy JSON to a file:

GNU Bashterminal.sh
npx @wraps.dev/cli permissions --json > wraps-policy.json

2
Create Policy in AWS Console

  1. 1

    Go to IAM → Policies in the AWS Console

  2. 2

    Click Create Policy

  3. 3

    Select the JSON tab

  4. 4

    Paste the contents of your policy JSON file

  5. 5

    Name it WrapsDeploymentPolicy

3
Attach to Your IAM User/Role

  1. 1

    Go to IAM → Users (or Roles)

  2. 2

    Select your user or role

  3. 3

    Click Add permissions → Attach policies

  4. 4

    Search for and select WrapsDeploymentPolicy

Permission Errors

If you encounter permission errors during deployment:

  • Check the error message

    Wraps provides specific guidance for each permission error

  • Regenerate the policy

    Run wraps permissions --json to get the latest required permissions

  • Check for SCPs

    AWS Organizations may have Service Control Policies restricting what you can do

Next Steps

Deploy Infrastructure

Now that permissions are set up, deploy your first service.

Deploy Email
Troubleshooting

Having issues? Check common problems and solutions.

Troubleshooting