This repository has been archived by the owner on Dec 14, 2023. It is now read-only.

Recommendation of AWS Policy with minimum necessary permissions for irsa-operator #22

Open
kgoralski opened this issue Oct 27, 2021 · 0 comments

kgoralski commented Oct 27, 2021

Hey, nice work.

I have a question. Do you have any recommendation for aws_iam_policy_document for irsa-operator with minimum necessary permissions?

Inside the example:

data "aws_iam_policy_document" "irsa" {
  statement {
    sid    = "irsaIam"
    effect = "Allow"

    actions = [
      "iam:*"
    ]

    resources = ["*"]
  }
}

https://github.com/VoodooTeam/irsa-operator/blob/main/_doc/example/terraform/main.tf#L116-L127

For example, such permissions don't seem to be necessary for the operator:

  statement {
    effect = "Deny"
    actions = [
      "iam:DeleteUser",
      "iam:DeleteAccessKey",
      "iam:ChangePassword"
    ]
    resources = ["*"]
  }

thanks!
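
The effect of the two statements quoted in the issue above, as an added example that is not part of the original post or of the irsa-operator project: a small evaluator for identity-policy logic (explicit Deny over Allow over implicit deny) run over them. The ARNs and account ID are constructed, and the evaluator ignores conditions, SCPs and permission boundaries.

```python
import re

# The two statements from the issue, transcribed into IAM JSON-style dicts.
ALLOW_ALL_IAM = {"Effect": "Allow", "Action": ["iam:*"], "Resource": ["*"]}
DENY_USER_OPS = {
    "Effect": "Deny",
    "Action": ["iam:DeleteUser", "iam:DeleteAccessKey", "iam:ChangePassword"],
    "Resource": ["*"],
}
# Constructed sample ARNs (placeholder account ID).
USER_ARN = "arn:aws:iam::111122223333:user/constructed-user"
ROLE_ARN = "arn:aws:iam::111122223333:role/constructed-role"

def _match(patterns, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    flags = re.IGNORECASE if ignore_case else 0
    for p in patterns:
        rx = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, value, flags):
            return True
    return False

def evaluate(statements, action, resource):
    """Explicit Deny wins, then Allow, otherwise implicit deny."""
    decision = "ImplicitDeny"
    for s in statements:
        # Action names are case-insensitive; resource ARNs are not.
        if _match(s["Action"], action, ignore_case=True) and _match(s["Resource"], resource):
            if s["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision

def wildcard_findings(statements):
    """Indexes of Allow statements pairing a service-wide action with any resource."""
    return [i for i, s in enumerate(statements)
            if s["Effect"] == "Allow"
            and any(a == "*" or a.endswith(":*") for a in s["Action"])
            and "*" in s["Resource"]]

if __name__ == "__main__":
    policy = [ALLOW_ALL_IAM, DENY_USER_OPS]
    for action, arn in [("iam:DeleteUser", USER_ARN), ("iam:CreateRole", ROLE_ARN)]:
        print(action, "->", evaluate(policy, action, arn))
    print("wildcard Allow statements:", wildcard_findings(policy))
```

The Deny statement removes only the three listed actions; every other `iam:` action on every resource stays allowed, so the wildcard finding remains until the Allow itself is scoped.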
