cdklabs / cdk-cicd-wrapper

This repository contains the infrastructure as code to wrap your AWS CDK project with CI/CD around it.
https://cdklabs.github.io/cdk-cicd-wrapper/
Apache License 2.0

[FEATURE] Add condition to restrict source account on Encryption Stack #74

Open pabhermoso opened 3 months ago

pabhermoso commented 3 months ago

Describe the feature

When building the Encryption Stack, there is an overly permissive role for the logs:

```json
{
  "Action": [
    "kms:Decrypt",
    "kms:Encrypt",
    "kms:GenerateDataKey",
    "kms:ReEncrypt"
  ],
  "Effect": "Allow",
  "Principal": {
    "Service": "logs.eu-west-1.amazonaws.com"
  },
  "Resource": "*"
}
```

Use Case

Detail for security least privilege.

Proposed Solution

No response

Other Information

No response

Acknowledgements

Environment details (OS name and version, etc.)

CDK
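As an added illustration of the scoping the issue asks for (this is example code, not part of cdk-cicd-wrapper and not the author's proposal), the block below builds the CloudWatch Logs key-policy statement with the condition AWS documents for Logs encryption, `kms:EncryptionContext:aws:logs:arn`, restricted to log groups in one account and region, and includes a small check that flags any Allow statement granting a service principal access on `Resource: "*"` with no Condition at all. The region, the account id `111122223333`, and the Sid are constructed placeholders; the unscoped statement is copied from the issue text above.

```typescript
// Added example, not cdk-cicd-wrapper code. Shapes a KMS key-policy statement
// for CloudWatch Logs that is scoped to a single account/region, and detects
// unscoped service-principal grants such as the one reported in this issue.

interface KmsPolicyStatement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal?: { Service?: string | string[]; AWS?: string | string[] };
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, Record<string, string | string[]>>;
}

// The statement as quoted in the issue (no Condition, Resource "*").
const currentLogsStatement: KmsPolicyStatement = {
  Action: ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey", "kms:ReEncrypt"],
  Effect: "Allow",
  Principal: { Service: "logs.eu-west-1.amazonaws.com" },
  Resource: "*",
};

// Hardened form. CloudWatch Logs passes the log group ARN to KMS as the
// encryption context key "aws:logs:arn", so the key policy can require that
// ARN to belong to our own account and region. Log groups in any other
// account then cannot use this key even though the service principal matches.
function scopedLogsStatement(region: string, accountId: string): KmsPolicyStatement {
  return {
    Sid: "AllowCloudWatchLogsInThisAccount", // constructed Sid
    Effect: "Allow",
    Principal: { Service: `logs.${region}.amazonaws.com` },
    Action: ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"],
    Resource: "*",
    Condition: {
      ArnLike: {
        "kms:EncryptionContext:aws:logs:arn": `arn:aws:logs:${region}:${accountId}:log-group:*`,
      },
    },
  };
}

// Detection: an Allow for a service principal on Resource "*" with no Condition
// is usable from any account that can drive that service (confused deputy).
function isUnscopedServiceGrant(stmt: KmsPolicyStatement): boolean {
  if (stmt.Effect !== "Allow") return false;
  if (!stmt.Principal || !stmt.Principal.Service) return false;
  const resources = Array.isArray(stmt.Resource) ? stmt.Resource : [stmt.Resource];
  const hasWildcardResource = resources.includes("*");
  const hasCondition = stmt.Condition !== undefined && Object.keys(stmt.Condition).length > 0;
  return hasWildcardResource && !hasCondition;
}

// Returns the indexes of offending statements in a key policy document.
function findUnscopedServiceGrants(policy: { Statement: KmsPolicyStatement[] }): number[] {
  return policy.Statement
    .map((stmt, index) => (isUnscopedServiceGrant(stmt) ? index : -1))
    .filter((index) => index >= 0);
}

// Usage: compare the issue's statement with the scoped replacement.
const keyPolicy = { Statement: [scopedLogsStatement("eu-west-1", "111122223333"), currentLogsStatement] };
console.log("unscoped statement indexes:", findUnscopedServiceGrants(keyPolicy));
```

In a CDK stack the object returned by `scopedLogsStatement` can be handed to `iam.PolicyStatement.fromJson(...)` and added to the key's policy; the check is the kind of rule a CDK Aspect or a synthesized-template test could run over every `AWS::KMS::Key` before deployment.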