
Define necessary AWS permissions #17244

Closed
tomasbackman opened this issue Jan 22, 2021 · 3 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. provider Pertains to the provider itself, rather than any interaction with AWS.

Comments

@tomasbackman

tomasbackman commented Jan 22, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

There are lots of great AWS resources in the provider, but they do not always directly match the services and similar concepts in AWS.
(Like the resource aws_security_group_rule, which actually is just a part of the security group service in EC2.)

And we all know "it would be good to" have and apply more precise permissions in our policies... but it is quite a lot of work to set that up.

So I think it would be great if each resource had a list or similar with exactly which permissions are required to create, modify or just use the resource, to make life much easier for those of us who do not want to only use "allow all" or admin permissions.

In the beginning it could be enough with separate lists for each resource. It would also be quite possible to automatically test whether they are enough: just apply them to a role and try to create! (Maybe more relevant for modules using several resources, but still.)

Later, when all lists have been created manually, they could maybe be automatically generated by the resources and/or included as attributes, making it even easier to use.

New or Affected Resource(s)

Basically every resource, since all would need it... but in some ways no one, since it could be seen as "just" documentation (at least in the beginning).
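As an added example (not code from the issue or from terraform-provider-aws) of what the per-resource permission lists proposed above would make possible: a small script that reads the resource types declared in a Terraform configuration, looks each one up in a per-resource list of required IAM actions, and emits a least-privilege policy scoped to exactly those types. The action lists, the `REQUIRED_ACTIONS` table and the sample configuration are assumptions constructed for illustration; the provider publishes no authoritative list, which is the gap this issue describes.

```python
import json
import re
# Per-resource permission lists keyed by operation. Assumed for illustration only:
# the provider publishes no such list, which is what this issue asks for. As the
# issue notes, aws_security_group_rule is part of the EC2 security-group service.
REQUIRED_ACTIONS = {
    "aws_security_group": {
        "create": ["ec2:CreateSecurityGroup", "ec2:CreateTags"],
        "read": ["ec2:DescribeSecurityGroups"],
        "delete": ["ec2:DeleteSecurityGroup"],
    },
    "aws_security_group_rule": {
        "create": ["ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress"],
        "read": ["ec2:DescribeSecurityGroups"],
        "delete": ["ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress"],
    },
}
RESOURCE_RE = re.compile(r'^\s*resource\s+"([a-z0-9_]+)"\s+"[^"]+"\s*\{', re.M)

def resource_types(hcl: str) -> set:
    """Resource types declared as top-level blocks in a Terraform configuration."""
    return set(RESOURCE_RE.findall(hcl))

def required_actions(types, operations=("create", "read", "delete")) -> list:
    """Union of actions the given resource types need for the given operations.
    An unknown type raises KeyError rather than silently producing a policy with gaps;
    operations=("read",) yields a policy sufficient for `terraform plan` only."""
    actions = set()
    for t in sorted(types):
        for op in operations:
            actions.update(REQUIRED_ACTIONS[t].get(op, []))
    return sorted(actions)

def build_policy(hcl: str, operations=("create", "read", "delete")) -> dict:
    """IAM policy document covering only the resource types the configuration uses.
    Resource stays "*" here; narrow it with ARNs or condition keys where EC2 allows."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": required_actions(resource_types(hcl), operations),
        "Resource": "*",
    }]}

# Constructed, abridged sample configuration (only the block headers matter here).
SAMPLE_TF = '''
resource "aws_security_group" "web" { name = "web" }
resource "aws_security_group_rule" "https_in" { security_group_id = aws_security_group.web.id }
'''

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_TF), indent=2))
```

Attaching the generated document to a scratch role and running `terraform apply` against it is the "apply them to a role and try to create" check the issue proposes; a missing action shows up as an AccessDenied error naming the exact action to add to the list.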

@tomasbackman tomasbackman added the enhancement Requests to existing resources that expand the functionality or scope. label Jan 22, 2021
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jan 22, 2021
@ewbankkit
Contributor

@tomasbackman Thanks for raising this issue.
It has already been noticed in #9154 and is the subject of a current research topic.
I'm going to close this one as a duplicate so that we can concentrate discussion in the linked issue.
Please add any additional comments there.

@ewbankkit ewbankkit added provider Pertains to the provider itself, rather than any interaction with AWS. and removed needs-triage Waiting for first response or review from a maintainer. labels Jan 22, 2021
@tomasbackman
Author

Ah yes I see, thanks

@ghost

ghost commented Feb 21, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Feb 21, 2021