Restrict permission for github runner's AWS role

kislerdm / diagramastext

Application to streamline diagram generation using plain English instructions instead of code

https://diagramastext.dev

Apache License 2.0

24 stars 1 forks source link

Restrict permission for github runner's AWS role #36

Closed kislerdm closed 1 year ago

kislerdm commented 1 year ago

Tech debt collected during execution of #35, it's a potential security threat:

resource "aws_iam_role_policy_attachment" "admin" {
  # FIXME: grant admin right on exceptional basis
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
  role       = aws_iam_role.github_actions.arn
}