Closed longnd closed 10 months ago
An IAM service/bot account is created as part of the IAM module. It will be used to provision the changes to the AWS infrastructure, e.g. through Terraform. Currently the bot account is created with login credential https://github.com/nimblehq/infrastructure-templates/blob/12ebedf6e5897cb464b5e7cc6e2d9f5e35dd5d02/src/generators/addons/aws/modules/core/iamUserAndGroup.ts#L88-L91
It is unnecessary and exposes more risk. We should limit the creation of the account without console access (no login credential)
Any project that is generated based on this infra-template.
Why
An IAM service/bot account is created as part of the IAM module. It will be used to provision the changes to the AWS infrastructure, e.g. through Terraform. Currently the bot account is created with login credential https://github.com/nimblehq/infrastructure-templates/blob/12ebedf6e5897cb464b5e7cc6e2d9f5e35dd5d02/src/generators/addons/aws/modules/core/iamUserAndGroup.ts#L88-L91
It is unnecessary and exposes more risk. We should limit the creation of the account without console access (no login credential)
Who Benefits?
Any project that is generated based on this infra-template.