Enhance the IAM Policy Permissions for Auto Scaling #24

migara · 2024-03-28T10:30:39Z

The current lambda function used for auto scaling is attached with an IAM policy which is not constrained to specific resources. The intention of this effort is to check if we can tighten the policy based on resource tags

#8 (review)

Example

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"}
            }
        },
        {
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        }
    ]
}

The text was updated successfully, but these errors were encountered:

migara · 2024-06-27T09:08:57Z

The plan is to restrict the resource access to something more specific

migara assigned lstadnik Mar 28, 2024

sebastianczech mentioned this issue Apr 2, 2024

chore: Pre-Commit dependencies update #26

Merged

github-actions bot added the stale label Apr 28, 2024

github-actions bot removed the stale label Jun 28, 2024

github-actions bot added the stale label Jul 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance the IAM Policy Permissions for Auto Scaling #24

Enhance the IAM Policy Permissions for Auto Scaling #24

migara commented Mar 28, 2024

migara commented Jun 27, 2024

Enhance the IAM Policy Permissions for Auto Scaling #24

Enhance the IAM Policy Permissions for Auto Scaling #24

Comments

migara commented Mar 28, 2024

migara commented Jun 27, 2024