Support CDK permissions boundary to limit CFN deployment permissions

matanolabs / matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

https://matano.dev

Apache License 2.0

1.44k stars 97 forks source link

Support CDK permissions boundary to limit CFN deployment permissions #122

Open Samrose-Ahmed opened 1 year ago

Samrose-Ahmed commented 1 year ago

Add an optional configuration to define an IAM permissions boundary for the CDK deployment role to further limit the deployment permissions for CFN (by default uses Admin permissions).

Resources

https://github.com/aws/aws-cdk/wiki/Security-And-Safety-Dev-Guide#permissions-boundaries-and-scps
https://aws.amazon.com/blogs/devops/secure-cdk-deployments-with-iam-permission-boundaries