This repository was archived by the owner on Dec 14, 2023. It is now read-only.

Recommendation of AWS Policy with minimum necessary permissions for irsa-operator #22

@kgoralski

Hey, nice work.

I have a question. Do you have any recommendation for aws_iam_policy_document for irsa-operator with minimum necessary permissions?

Inside the example:

data "aws_iam_policy_document" "irsa" {
  statement {
    sid    = "irsaIam"
    effect = "Allow"

    actions = [
      "iam:*"
    ]

    resources = ["*"]
  }
}

https://github.com/VoodooTeam/irsa-operator/blob/main/_doc/example/terraform/main.tf#L116-L127

For example, such permissions don't seem to be necessary for the operator:

  statement {
    effect = "Deny"
    actions = [
      "iam:DeleteUser",
      "iam:DeleteAccessKey",
      "iam:ChangePassword"
    ]
    resources = ["*"]
  }

thanks!
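To see what the two statements quoted in the issue above actually permit, here is an added example (not part of the original issue or of the irsa-operator project) that evaluates a request against a JSON rendering of them using IAM's documented rule that an explicit Deny overrides any Allow. It assumes a single identity-based policy with only `Action` and `Resource` elements (no `NotAction`, `Condition`, SCPs or boundaries); the ARN and the extra `iam:CreateRole` and `s3:GetObject` probes are constructed for illustration and say nothing about what the operator really needs.

```python
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        # Action names are matched case-insensitively, resource ARNs are not.
        hit = (any(_glob(a, action, True) for a in _as_list(st["Action"]))
               and any(_glob(r, resource) for r in _as_list(st["Resource"])))
        if not hit:
            continue
        if st["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"

# JSON form of the statement from the project's Terraform example.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "irsaIam", "Effect": "Allow",
     "Action": ["iam:*"], "Resource": ["*"]}]}

# The same policy with the Deny statement proposed in the issue appended.
WITH_DENY = {"Version": "2012-10-17", "Statement": BROAD["Statement"] + [
    {"Effect": "Deny",
     "Action": ["iam:DeleteUser", "iam:DeleteAccessKey", "iam:ChangePassword"],
     "Resource": ["*"]}]}

ARN = "arn:aws:iam::111122223333:user/example"  # constructed sample ARN
PROBES = ["iam:DeleteUser", "iam:DeleteAccessKey", "iam:ChangePassword",
          "iam:CreateRole", "s3:GetObject"]

def report(policy):
    return {action: evaluate(policy, action, ARN) for action in PROBES}

if __name__ == "__main__":
    for name, policy in (("iam:* only", BROAD), ("with Deny", WITH_DENY)):
        print(name)
        for action, decision in report(policy).items():
            print(f"  {action:22} {decision}")
```

The deny list blocks only the three actions it names; every other `iam:` action remains allowed by `iam:*`, which is why an allow-list of specific actions and resources is the tighter form of the same policy.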
