Security issue - Missing Cluster Public Key in fargate template

prisma / prisma-templates

Prisma templates for major cloud providers

MIT License

52 stars 41 forks source link

Security issue - Missing Cluster Public Key in fargate template #4

Closed lucasmafra closed 6 years ago

lucasmafra commented 6 years ago

Problem

The fargate cloud formation template has a problem: it is not passing the parameter CLUSTER_PUBLIC_KEY to the docker image environment. As a result, the deployed cluster is not secured: anyone can add, remove and deploy projects into it.

Solution This problem is fixed by adding these two lines:

- Name: CLUSTER_PUBLIC_KEY
  Value: !Ref ClusterPublicKey

dpetrick commented 6 years ago

Thank you kindly for the report & fix. Looks good to me.