Open bkirwan opened 10 months ago
Great solution; however, the IAM permissions required provide a significant level of access to the head & compute nodes, restricting the ability to deploy the solution into certain environments due to security concerns:

- Policy: arn:aws:iam::aws:policy/CloudWatchFullAccess
- Policy: arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess
- Policy: arn:aws:iam::aws:policy/AmazonSSMFullAccess
- Policy: arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess

A set of policies that follow the principle of least privilege, providing the bare minimum required, would help address security concerns.
Great feedback - the way to approach this is to run the solution and record API calls using AWS CloudTrail, then only add those permissions.
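One way to carry out the CloudTrail approach suggested in the reply above, as an added example that is not part of the original thread or the project's code: it reduces recorded events for one role to a candidate IAM policy. The role names, account ID and records are constructed, and the `eventSource`-to-IAM-prefix mapping is an assumption to verify per service.

```python
import json
from collections import defaultdict

# CloudTrail eventSource names that differ from the IAM action prefix.
# Assumption: only the entry the sample needs is listed; verify others per service.
SOURCE_TO_PREFIX = {"monitoring": "cloudwatch"}

def _rec(role, source, name):
    """Build a constructed CloudTrail-style record (only the fields used here)."""
    arn = f"arn:aws:sts::111122223333:assumed-role/{role}/i-example"
    return {"eventSource": source, "eventName": name, "userIdentity": {"arn": arn}}

# Constructed sample records; role names and account ID are placeholders.
SAMPLE = [
    _rec("ExampleHeadNodeRole", "ssm.amazonaws.com", "GetParameter"),
    _rec("ExampleHeadNodeRole", "monitoring.amazonaws.com", "PutMetricAlarm"),
    _rec("ExampleHeadNodeRole", "cloudformation.amazonaws.com", "DescribeStacks"),
    _rec("ExampleHeadNodeRole", "ssm.amazonaws.com", "GetParameter"),
    _rec("OtherRole", "ec2.amazonaws.com", "TerminateInstances"),
]

def observed_actions(records, role_name):
    """Return {iam_prefix: {actions}} for calls made by sessions of role_name."""
    actions = defaultdict(set)
    marker = f":assumed-role/{role_name}/"
    for rec in records:
        if marker not in rec.get("userIdentity", {}).get("arn", ""):
            continue  # call made by some other principal
        service = rec["eventSource"].split(".")[0]
        prefix = SOURCE_TO_PREFIX.get(service, service)
        actions[prefix].add(f"{prefix}:{rec['eventName']}")
    return dict(actions)

def build_policy(actions):
    """Turn observed actions into an IAM policy document, one statement per service."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Resource stays "*" here; narrow it by hand to the ARNs actually used.
            {"Sid": f"Observed{prefix.capitalize()}", "Effect": "Allow",
             "Action": sorted(names), "Resource": "*"}
            for prefix, names in sorted(actions.items())
        ],
    }

if __name__ == "__main__":
    print(json.dumps(build_policy(observed_actions(SAMPLE, "ExampleHeadNodeRole")), indent=2))
```

CloudTrail event names do not always map one-to-one onto IAM actions, and calls the trail does not record will be missing, so the generated policy needs testing against a full run of the solution before it replaces the managed policies.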