data-dot-all / dataall

A modern data marketplace that makes collaboration among diverse users (like business, analysts and engineers) easier, increasing efficiency and agility in data projects on AWS.
https://data-dot-all.github.io/dataall/
Apache License 2.0

Review permissions of data.all IAM roles #336

Closed dlpzx closed 1 year ago

dlpzx commented 1 year ago

We have noticed that, for the environment admin team IAM role, the following is added whenever they create a dataset (backend/dataall/cdkproxy/stacks/policies/data_policy.py):

iam.PolicyStatement(
    actions=['athena:*', 'lakeformation:*', 'glue:*', 'kms:*'],
    resources=['*'],
),

Maybe it is a good moment to re-review the IAM policies of:

dlpzx commented 1 year ago

Closing as it is assessed in a complete set of issues: #491, #461, #462 ...
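
A policy review like the one requested in this issue can start with an automated pass over rendered policy documents. The following is an added example, not data.all code: it flags Allow statements that combine service-wide wildcard actions with `Resource: "*"`, the pattern in the statement quoted above. The sample policy, the placeholder ARN and the function names are constructed for illustration, and only `Action`/`Resource` (not `NotAction`/`NotResource`) are inspected.

```python
import json

# Constructed sample: JSON form of the statement quoted in the issue, plus a
# scoped statement (placeholder ARN) for contrast. Not taken from data.all.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["athena:*", "lakeformation:*", "glue:*", "kms:*"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["glue:GetTable", "glue:GetDatabase"],
     "Resource": "arn:aws:glue:eu-west-1:111122223333:table/example_db/*"}
  ]
}
""")


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_broad_statements(policy):
    """Return (index, wildcard_actions) for each Allow statement that grants
    service-wide or global wildcard actions on every resource."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        wildcards = [a for a in _as_list(stmt.get("Action"))
                     if a == "*" or a.endswith(":*")]
        if wildcards:
            findings.append((index, wildcards))
    return findings


if __name__ == "__main__":
    for index, actions in find_broad_statements(SAMPLE_POLICY):
        print(f"Statement {index}: {', '.join(actions)} on Resource '*'")
```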