philips-labs / terraform-aws-github-runner

Terraform module for scalable GitHub action runners on AWS
https://philips-labs.github.io/terraform-aws-github-runner/
MIT License
2.55k stars 611 forks

feat: Restrict instance SSM permissions #3918

Closed npalm closed 4 months ago

npalm commented 4 months ago

Restrict instance SSM permissions

Previously, EC2 instances could read other instances' tokens (via path .../tokens/...) from SSM parameters. This PR restricts access to only read / delete tokens owned by the instances.
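An added example, not part of the PR or the module's code: a small audit that reports whether an instance-role policy document lets a runner read or delete a token parameter that belongs to a different instance. The parameter path, account ID, instance ID, `InstanceId` tag name and both sample policies are constructed assumptions; the scoped policy shows one possible way to tie a parameter to its caller, not necessarily what this PR implements.

```python
import re

# Constructed placeholder: the page elides the real path (".../tokens/...").
TOKENS_ARN = "arn:aws:ssm:eu-west-1:111122223333:parameter/example/runners/tokens"
FOREIGN_TOKEN = TOKENS_ARN + "/i-0aaaaaaaaaaaaaaaa"  # another instance's token (constructed)
TOKEN_ACTIONS = ("ssm:GetParameter", "ssm:DeleteParameter")

# Constructed "before": every instance sharing the role can reach every token.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Tokens", "Effect": "Allow",
     "Action": ["ssm:GetParameter", "ssm:DeleteParameter"],
     "Resource": TOKENS_ARN + "/*"}]}

# Constructed "after": same resource, but gated by a condition that compares the
# calling instance with a hypothetical InstanceId tag on the parameter.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnToken", "Effect": "Allow",
     "Action": ["ssm:Get*", "ssm:DeleteParameter"],
     "Resource": TOKENS_ARN + "/*",
     "Condition": {"StringLike": {
         "ec2:SourceInstanceARN": "*/${aws:ResourceTag/InstanceId}"}}}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _iam_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def audit_token_access(policy, foreign_token_arn):
    """Return (sid, action, verdict) for each Allow statement whose Resource
    covers a token parameter owned by another instance."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(_iam_match(r, foreign_token_arn) for r in resources):
            continue
        # A Condition may or may not bind the parameter to the caller; flag it for review.
        verdict = "conditional: review" if stmt.get("Condition") else "unrestricted"
        for action in TOKEN_ACTIONS:
            if any(_iam_match(a, action, ignore_case=True)
                   for a in _as_list(stmt.get("Action", []))):
                findings.append((stmt.get("Sid", "<no Sid>"), action, verdict))
    return findings
```

An "unrestricted" finding corresponds to the pre-PR behaviour described above; a "conditional: review" finding still needs a human to confirm that the condition really limits access to the caller's own token.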