Open migara opened 8 months ago
The current lambda function used for auto scaling is attached with an IAM policy which is not constrained to specific resources. The intention of this effort is to check if we can tighten the policy based on resource tags
https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/pull/8#pullrequestreview-1855805977
Example
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/Owner": "${aws:username}" }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    }
  ]
}
```
The plan is to restrict the resource access to something more specific
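A small policy audit for the situation described in the issue, added here as an example and not code from the issue or from the terraform-aws-swfw-modules project: it parses the quoted policy and lists Allow actions that sit on a wildcard resource without any `aws:ResourceTag/...` condition. The `NO_RESOURCE_LEVEL` allow-list is an assumption based on EC2 `Describe*` calls not supporting resource-level permissions, which is why the second statement is not reported.

```python
import fnmatch
import json

# Policy quoted in the issue (copied here as sample input).
POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"}}},
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}
  ]
}"""
POLICY = json.loads(POLICY_JSON)

# Assumption: EC2 Describe* calls take no resource-level permissions, so
# "Resource": "*" is unavoidable for them and they are not reported.
NO_RESOURCE_LEVEL = ["ec2:Describe*"]


def _as_list(value):
    # IAM allows a single string or a list in Action/Resource/Statement.
    return value if isinstance(value, list) else [value]


def has_tag_condition(statement):
    """True if any condition key scopes the statement by aws:ResourceTag/<tag>."""
    for keys in statement.get("Condition", {}).values():
        if any(key.startswith("aws:ResourceTag/") for key in keys):
            return True
    return False


def unconstrained_actions(policy):
    """Allow-actions on wildcard resources that carry no resource-tag condition."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(r == "*" or r.endswith("/*") for r in resources):
            continue
        if has_tag_condition(stmt):
            continue
        for action in _as_list(stmt["Action"]):
            if not any(fnmatch.fnmatchcase(action, p) for p in NO_RESOURCE_LEVEL):
                findings.append(action)
    return findings
```

Note that `${aws:username}` is only populated for IAM user requests, so a Lambda execution role would need a fixed tag value (or a different condition key) for the first statement to match anything.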