This set of CloudFormation templates and Python scripts will set up an auto-rotation function that will automatically rotate your AWS IAM User Access Keys every 90 days.
MIT No Attribution
140 stars, 130 forks
[Requesting Clarification] [Multiple FullAccess managed permissions attached to IAM role created under ASA-iam-key-auto-rotation-and-notifier-solution.yaml] #36
Hello Team,
We see AmazonEC2FullAccess and AmazonSSMFullAccess managed permissions being attached to the IAM role created under ASA-iam-key-auto-rotation-and-notifier-solution.yaml:

https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L254
https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L322
https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L426
https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L253
This is too elaborate and not as per the best security standards. Hence we wanted to check whether these FullAccess permissions are actually needed for the proper working of the solution, or whether we can provide a minimum set of permissions needed in this case.
Thank you
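
A check a reviewer could run over a CloudFormation template to list which resources attach broad AWS-managed policies such as the two named in this issue. This is an added example, not part of the issue or the project's code: the sample template and its resource names are constructed, and matching on the policy name is a heuristic.

```python
import re

# Constructed sample, NOT the project's template; resource names are hypothetical.
SAMPLE_TEMPLATE = """\
Resources:
  RotationLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess
        - arn:aws:iam::aws:policy/AmazonSSMFullAccess
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  NotifierLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
"""
# AWS-managed policy ARN; the partition is literal or a ${AWS::Partition} substitution.
MANAGED_ARN = re.compile(r"arn:(?:\$\{AWS::Partition\}|[a-z-]+):iam::aws:policy/([\w+=,.@/-]+)")
BROAD_NAMES = {"AdministratorAccess", "PowerUserAccess"}  # flagged besides *FullAccess


def find_broad_managed_policies(template_text):
    """Return (line_no, resource_id, policy_name) for each broad managed policy."""
    findings = []
    in_resources, res_indent, current = False, None, None
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # top-level section header resets the state
            in_resources, res_indent, current = stripped == "Resources:", None, None
            continue
        if not in_resources:
            continue
        res_indent = indent if res_indent is None else res_indent
        if indent == res_indent and stripped.endswith(":"):
            current = stripped[:-1]  # logical ID of the resource being read
            continue
        for match in MANAGED_ARN.finditer(line):
            name = match.group(1).rsplit("/", 1)[-1]
            if name.endswith("FullAccess") or name in BROAD_NAMES:
                findings.append((line_no, current, name))
    return findings

if __name__ == "__main__":
    print(find_broad_managed_policies(SAMPLE_TEMPLATE))
```

Each finding is a starting point for replacing the managed policy with an inline policy limited to the API actions the function actually calls.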