Update incident response role
This change moves from a model where a specific limited set of permissions are granted to the role, to a model where the role is granted : permissions, but the entity trusted is a special dedicated AWS account. This new AWS account will have no users or access and instead will only issue ephemeral STS credentials to EIS personnel with an associated "break glass" system that announces to all of EIS and to the AWS account holder that the incident response role has been assumed.
Update security audit role with new permissions and role ARN emission method
This adds new permissions based on
This also changes how the IAM role is emitted by using the https://github.com/mozilla/cloudformation-cross-account-outputs system
Fixes #12
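In the incident response role model described above, the role's trust policy is the control that decides who can use its permissions, so it is worth checking that the policy admits only the dedicated account. The following is an added example, not code from this repository: it audits a trust policy document for any principal other than that account. The account IDs, the function names, and the restriction to the commercial `aws` partition are assumptions.

```python
# Added example: audit an IAM role trust policy for the model described above.
TRUSTED_ACCOUNT_ID = "111111111111"  # constructed placeholder, not a real account


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _account_root(principal):
    """Account ID if principal is a bare 12-digit ID or an account root ARN, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    if len(parts) == 6 and parts[:4] == ["arn", "aws", "iam", ""] and parts[5] == "root":
        return parts[4]
    return None


def trust_policy_findings(policy, trusted_account_id=TRUSTED_ACCOUNT_ID):
    """Return reasons the trust policy admits anything other than the dedicated account."""
    findings, allows = [], 0
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        allows += 1
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing (e.g. NotPrincipal)
            findings.append(f"statement {i}: wildcard or missing Principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or _account_root(value) != trusted_account_id:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
    if allows == 0:
        findings.append("no Allow statement: nobody can assume the role")
    return findings


# Constructed sample documents.
GOOD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"}, "Action": "sts:AssumeRole"}]}
DRIFTED = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
           "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "222222222222"],
                         "Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("DRIFTED", DRIFTED)):
        print(name, trust_policy_findings(doc) or "ok")
```

A role ARN inside the trusted account is reported as unexpected here, because the check accepts only the account itself as principal.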