OIDC IAM policy for CI/CD Deployments #115
Assignees
Labels
Comments
|
@tloubrieu-jpl @viviant100 I've provided a more restrictive policy to Andrew from SA over Slack. They need to review it and configure it for the OIDC IAM role. If any changes are required, kindly work with Andrew to add/remove permissions. |
|
Refactor policy provided to SA team with resource blocks |
|
Ready for the SA's to deploy. |
|
Andrew will setup a call Wednesday on that. |
|
Sagar to work with Paul from SA team to add prefix conditions instead of tags in OIDC policy. |
|
Sagar works on a IAM policy script which uses the prefix of ARN to filter the resources which can be deployed. |
|
Policy updated as requested by SA team with resource ARNs and prefixes. SA review in progress. |
|
@sjoshi-jpl added 2 sub-tasks to issue above |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
💡 Description
Draft a more restrictive OIDC policy for CI/CD deployments in MCP. This is a replacement policy for current MCP OIDC policy in Dev.
Sub-tasks
The text was updated successfully, but these errors were encountered: