Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CI user priveledges to use least priveledge #14

Open
ashley-evans opened this issue Sep 3, 2021 · 0 comments
Open

Update CI user priveledges to use least priveledge #14

ashley-evans opened this issue Sep 3, 2021 · 0 comments
Labels
3

Comments

@ashley-evans
Copy link
Owner

Description

Currently the CI users, created by the buzzword-ci-users.yml template, have full access to all of the AWS services that they require in order to create/update/delete resources in AWS.

These users do not require full access to these resources and enabling them to have full access isn't a security best practise. Therefore, the privileges for these users should be updated such that they are only granted the least priveledge to deploy the buzzword stack.

Acceptance Criteria

AC01

  • Update buzzword-ci-users.yml to no longer grant full access to all the services for each of the buzzword CI users
  • Update buzzword-ci-users.yml to grant least priveledge to the buzzword CI users

AC02

  • Test, Validate, and Deploy jobs in the Validate and Deploy pipeline must still pass as previously
@ashley-evans ashley-evans added the 3 label Sep 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ashley-evans