You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the CI users, created by the buzzword-ci-users.yml template, have full access to all of the AWS services that they require in order to create/update/delete resources in AWS.
These users do not require full access to these resources and enabling them to have full access isn't a security best practise. Therefore, the privileges for these users should be updated such that they are only granted the least priveledge to deploy the buzzword stack.
Acceptance Criteria
AC01
Update buzzword-ci-users.yml to no longer grant full access to all the services for each of the buzzword CI users
Update buzzword-ci-users.yml to grant least priveledge to the buzzword CI users
AC02
Test, Validate, and Deploy jobs in the Validate and Deploy pipeline must still pass as previously
The text was updated successfully, but these errors were encountered:
Description
Currently the CI users, created by the
buzzword-ci-users.yml
template, have full access to all of the AWS services that they require in order to create/update/delete resources in AWS.These users do not require full access to these resources and enabling them to have full access isn't a security best practise. Therefore, the privileges for these users should be updated such that they are only granted the least priveledge to deploy the buzzword stack.
Acceptance Criteria
AC01
buzzword-ci-users.yml
to no longer grant full access to all the services for each of the buzzword CI usersbuzzword-ci-users.yml
to grant least priveledge to the buzzword CI usersAC02
The text was updated successfully, but these errors were encountered: