Permissions in Microservices IAM Roles Are Too Permissive #184

Open
svozza opened this issue Jan 8, 2021 · 0 comments


svozza commented Jan 8, 2021

Looking at the CloudFormation for the microservices, I noticed that it results in 6 IAM roles being created that all have identical permissions which span all the actions that every microservice wants to perform. This violates the principle of least privilege; each microservice should only have the permissions it requires to do its job.

My proposal is to create a roles.yaml template in the aws/cloudformation-templates/services folder that contains properly scoped IAM roles for each service, which is passed into the _template.yaml file. I am happy to do a PR for this.

@svozza svozza changed the title Permission in Microservices IAM Roles Are Too Permissiv; each microservice should only have the permissions it requires to do its job. Permission in Microservices IAM Roles Are Too Permissive Jan 8, 2021
@svozza svozza changed the title Permission in Microservices IAM Roles Are Too Permissive Permissions in Microservices IAM Roles Are Too Permissive Jan 8, 2021
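Added example, not part of the issue or the project's code: a check that groups the `AWS::IAM::Role` resources in a CloudFormation template by their effective inline permissions and reports roles that share an identical set, which is the condition the issue describes. The template, role names and actions below are constructed for illustration; the check assumes inline `Policies` only and ignores `Condition`, `NotAction` and managed policies.

```python
import json
from collections import defaultdict

def _as_list(value):
    # IAM allows a single string/object or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def role_permissions(role):
    """Flatten a role's inline policies into a set of (effect, action, resource)."""
    perms = set()
    for policy in role.get("Properties", {}).get("Policies", []):
        for stmt in _as_list(policy["PolicyDocument"]["Statement"]):
            for action in _as_list(stmt.get("Action", [])):
                for resource in _as_list(stmt.get("Resource", [])):
                    # Resources may be intrinsic functions (dicts), so serialize them.
                    perms.add((stmt.get("Effect"), action,
                               json.dumps(resource, sort_keys=True)))
    return frozenset(perms)

def find_shared_permission_sets(template):
    """Return sorted groups of IAM role names whose inline permissions are identical."""
    groups = defaultdict(list)
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::IAM::Role":
            groups[role_permissions(resource)].append(name)
    return sorted(sorted(names) for perms, names in groups.items()
                  if perms and len(names) > 1)

def _role(statements):
    # Helper that builds a role resource for the constructed sample below.
    return {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
        {"PolicyName": "inline",
         "PolicyDocument": {"Version": "2012-10-17", "Statement": statements}}]}}

# Constructed sample template; role names and actions are hypothetical.
SHARED = [
    {"Effect": "Allow", "Action": ["dynamodb:*", "ssm:GetParameter"], "Resource": "*"},
    {"Effect": "Allow", "Action": "personalize:GetRecommendations", "Resource": "*"},
]
TEMPLATE = {"Resources": {
    "OrdersServiceRole": _role(SHARED),
    "CartsServiceRole": _role(list(reversed(SHARED))),  # same set, reordered
    "SearchServiceRole": _role([{"Effect": "Allow", "Action": "es:ESHttpGet",
                                 "Resource": {"Fn::GetAtt": ["SearchDomain", "Arn"]}}]),
    "ArtifactBucket": {"Type": "AWS::S3::Bucket"},
}}
```

Because permissions are compared as a set, roles whose statements are merely reordered or split differently are still reported together.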