Looking at the CloudFormation for the microservices, I noticed that it results in 6 IAM roles being created that all have identical permissions which span all the actions that every microservice wants to perform. This violates the principle of least privilege; each microservice should only have the permissions it requires to do its job.
My proposal is to create a roles.yaml template in the aws/cloudformation-templates/services folder that contains properly scoped IAM roles for each service, which is passed into the _template.yaml file. I am happy to do a PR for this.
svozza changed the title from "Permission in Microservices IAM Roles Are Too Permissiv; each microservice should only have the permissions it requires to do its job." to "Permission in Microservices IAM Roles Are Too Permissive" on Jan 8, 2021
svozza changed the title from "Permission in Microservices IAM Roles Are Too Permissive" to "Permissions in Microservices IAM Roles Are Too Permissive" on Jan 8, 2021
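An added example, not part of the original issue or the project's code: a check for the condition reported above, several IAM roles in one CloudFormation template carrying identical permissions, plus wildcard grants per role. The template, role names and actions are constructed for illustration; the template is given as JSON-style data and only inline `Policies` are compared.

```python
import json
from collections import defaultdict

def _as_list(value):
    return value if isinstance(value, list) else [value]

def role_permissions(role):
    """Flatten a role's inline policies into a set of (effect, action, resource)."""
    perms = set()
    for policy in role.get("Properties", {}).get("Policies", []):
        for stmt in _as_list(policy["PolicyDocument"]["Statement"]):
            for action in _as_list(stmt.get("Action", [])):
                for res in _as_list(stmt.get("Resource", [])):
                    # Resources may be intrinsic functions (dicts); serialise to hash them.
                    perms.add((stmt["Effect"], action, json.dumps(res, sort_keys=True)))
    return frozenset(perms)

def audit_roles(template):
    """Return (groups of roles with identical permissions, wildcard grants per role)."""
    by_perms, wildcards = defaultdict(list), {}
    for name, res in sorted(template["Resources"].items()):
        if res.get("Type") != "AWS::IAM::Role":
            continue
        perms = role_permissions(res)
        by_perms[perms].append(name)
        broad = sorted({a for e, a, r in perms if e == "Allow" and ("*" in a or r == '"*"')})
        if broad:
            wildcards[name] = broad
    duplicates = [names for perms, names in by_perms.items() if perms and len(names) > 1]
    return duplicates, wildcards

def _role(statements):
    # Trust policy omitted: this constructed sample only exercises permissions.
    return {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
        "PolicyName": "inline",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": statements}}]}}

# Constructed sample: two roles share one catch-all policy, one role is scoped.
SHARED = [{"Effect": "Allow", "Action": ["dynamodb:*", "ssm:GetParameter"], "Resource": "*"}]
SCOPED = [{"Effect": "Allow", "Action": "dynamodb:GetItem",
           "Resource": {"Fn::GetAtt": ["CartsTable", "Arn"]}}]
TEMPLATE = {"Resources": {
    "OrdersRole": _role(SHARED), "UsersRole": _role(SHARED),
    "CartsRole": _role(SCOPED), "CartsTable": {"Type": "AWS::DynamoDB::Table"},
}}

if __name__ == "__main__":
    print(audit_roles(TEMPLATE))
```

Run against a real template after converting it to JSON; a non-empty first result means roles that could be split into per-service scopes.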