Azure / enterprise-azure-policy-as-code
Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License
Clarify SPNs, Least Privilege, and environments for CI/CD #519
Closed. techlake closed this 1 month ago.
techlake commented 7 months ago
- Refine currently needed RBAC and MS Graph permissions (if any) for read, as well as Policy updates and Roles updates.
- Simplify SPNs:
  - SPN for tenant-wide read to execute Build-DeploymentPlan
  - One SPN per pacEnvironment to execute Deploy-PolicyPlan
  - One SPN per pacEnvironment to execute Deploy-RolesPlan
  - One SPN per pacEnvironment to execute Create-AzRemediationTasks
- Document revised approach
- Investigate using OpenID instead of secrets for SPNs
  - Azure DevOps
  - GitHub Actions

AB#44038
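The SPN layout proposed in the comment above (one tenant-wide reader for Build-DeploymentPlan, then one identity per pacEnvironment for Deploy-PolicyPlan, Deploy-RolesPlan and Create-AzRemediationTasks), provisioned with federated OIDC credentials instead of client secrets, as an added example. This is not EPAC project code and does not come from the issue author. Everything below it assumes is labelled: the GitHub repository name, the management-group scopes, the GitHub environment names used as federated subjects, and the role names attached to each stage are illustrative choices, not EPAC's documented permission requirements; check the EPAC docs for the current required roles before using them. MS Graph permissions, which the comment lists as still to be refined, are deliberately not assigned here.

```powershell
#Requires -Modules Az.Accounts, Az.Resources
# Added example (not EPAC code). Assumes Connect-AzAccount has already been run as an identity
# allowed to create app registrations and role assignments at the scopes below.

$GitHubOrgRepo = 'contoso/epac-policies'                     # assumed repo that runs the pipelines
$Issuer        = 'https://token.actions.githubusercontent.com' # GitHub Actions OIDC issuer
$Audience      = 'api://AzureADTokenExchange'                 # Entra ID token-exchange audience
$TenantId      = (Get-AzContext).Tenant.Id
$TenantRoot    = "/providers/Microsoft.Management/managementGroups/$TenantId"

# Assumed mapping of pacEnvironment -> deployment root scope (one management group each).
$PacEnvironments = @{
    'tenant-dev'  = '/providers/Microsoft.Management/managementGroups/mg-dev'
    'tenant-prod' = '/providers/Microsoft.Management/managementGroups/mg-prod'
}

# Roles per stage are assumptions for illustration only, not EPAC's documented requirements.
$PerEnvironmentStages = @(
    @{ Name = 'policy';    Script = 'Deploy-PolicyPlan';         Role = 'Resource Policy Contributor' }
    @{ Name = 'roles';     Script = 'Deploy-RolesPlan';          Role = 'User Access Administrator'   }
    @{ Name = 'remediate'; Script = 'Create-AzRemediationTasks'; Role = 'Resource Policy Contributor' }
)

function New-EpacWorkloadIdentity {
    # Creates an app registration + service principal with a federated credential only
    # (no client secret is ever generated) and assigns exactly the roles passed in.
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [string]   $Subject,      # e.g. repo:org/repo:environment:<name>
        [Parameter(Mandatory)] [hashtable[]] $Assignments # @{ Role = '...'; Scope = '...' }
    )
    $app = New-AzADApplication -DisplayName $DisplayName
    $sp  = New-AzADServicePrincipal -ApplicationId $app.AppId

    # Federated credential: Entra ID will accept a GitHub OIDC token whose subject matches.
    New-AzADAppFederatedCredential -ApplicationObjectId $app.Id -Name 'github-oidc' `
        -Issuer $Issuer -Subject $Subject -Audience @($Audience) | Out-Null

    foreach ($a in $Assignments) {
        # A freshly created SP can take a few seconds to replicate; retry the assignment.
        for ($try = 1; $try -le 5; $try++) {
            try {
                New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $a.Role -Scope $a.Scope `
                    -ErrorAction Stop | Out-Null
                break
            } catch {
                if ($try -eq 5) { throw }
                Start-Sleep -Seconds (5 * $try)
            }
        }
    }
    [pscustomobject]@{ DisplayName = $DisplayName; ClientId = $app.AppId; ObjectId = $sp.Id; Subject = $Subject }
}

$created = @()

# 1. One tenant-wide read identity for Build-DeploymentPlan (Reader at the tenant root group).
$created += New-EpacWorkloadIdentity -DisplayName 'epac-plan' `
    -Subject "repo:${GitHubOrgRepo}:environment:plan" `
    -Assignments @(@{ Role = 'Reader'; Scope = $TenantRoot })

# 2. One identity per pacEnvironment per deployment stage, scoped to that environment's root.
foreach ($envName in $PacEnvironments.Keys) {
    foreach ($stage in $PerEnvironmentStages) {
        $created += New-EpacWorkloadIdentity -DisplayName "epac-$envName-$($stage.Name)" `
            -Subject "repo:${GitHubOrgRepo}:environment:$envName-$($stage.Name)" `
            -Assignments @(@{ Role = $stage.Role; Scope = $PacEnvironments[$envName] })
    }
}

# Client IDs go into the matching GitHub environment as AZURE_CLIENT_ID; no secret to store.
$created | Format-Table DisplayName, ClientId, Subject -AutoSize

# Check: none of the new apps should carry a password or certificate credential.
foreach ($c in $created) {
    $creds = Get-AzADAppCredential -ApplicationId $c.ClientId
    if ($creds) { Write-Warning "$($c.DisplayName) unexpectedly has a secret/certificate credential" }
}
```

On the pipeline side, each GitHub job then runs under the environment named in its federated subject and logs in with `azure/login` using only `client-id`, `tenant-id` and `subscription-id`, with `permissions: id-token: write` on the job; the GitHub-issued OIDC token is exchanged for an Entra token and nothing needs rotating. Azure DevOps workload identity federation works the same way but uses a different issuer and subject format, so the `$Issuer` and `-Subject` values above would need to change for that platform.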
apybar commented 2 months ago
Adding to backlog
AB#44038