Closed kmoppel closed 6 days ago
New CLI flags --self-terminate --self-terminate-access-key-id --self-terminate-secret-access-key
Needs explicit access key / secret input - not read from local AWS config as with normal access keys as there are serious security implications, see the README section for details
I wonder if this feature should use a token/access-key generated specially for it; if so we could add instructions in the README on the exact minimal permissions to assign; I'm not sure there's a simple practical way to check such e.g. postgresql would complain when the data-directory readable to the world.
Yeah I guess we need to invest into it more, as if the security model is obscure / too open people might be just afraid to give the solution a try.
Created a separate issue https://github.com/pg-spot-ops/pg-spot-operator/issues/28 not to hold back the code as can take time to sort out all the required IAM policies
New CLI flags --self-terminate --self-terminate-access-key-id --self-terminate-secret-access-key
Needs explicit access key / secret input - not read from local AWS config as with normal access keys as there are serious security implications, see the README section for details