aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Include least-privileged-access IAM role for deploying the stack #238

Open robbycuenot opened 1 year ago

robbycuenot commented 1 year ago

I've deployed this solution successfully using an AWSAdministrator role; however, I'd like to create a new role with least-privileged access. Generating this using Access Analyzer in a Control Tower account is very clunky, as it is necessary to grant cross-account access to CloudTrail logs in a different account. Can a sample IAM role be added to this repository?

WillAWS commented 1 year ago

Thanks for the enhancement request. We will add this to our backlog to be evaluated for future releases. In the meantime, you could create your custom IAM role in CloudFormation and follow the deployment steps in the README as a current workaround.