search

sst / console

A web based dashboard for your SST apps
https://console.sst.dev
212 stars 21 forks source link

Allow configuration of all new IAM roles #13

Open cgcompassion opened 2 months ago

cgcompassion commented 2 months ago

Our AWS Org settings require all new IAM roles to have a specific Permission Boundary applied. Any role create command where the role does not have this permission boundary will fail.

I have followed the instructions to set up the Console, and when I deployed the console stack in us-east-1, I customized the template so that the SST role you're using has the Permission Boundary.

BUT since you are using that role to create other roles, they also need the same permission boundary applied. Is there a way I can instruct SST Console to use a certain boundary for any roles that it wants to create?

See related discord thread: https://discord.com/channels/983865673656705025/990989982799900792/1241145612624330872

jayair commented 2 months ago

Hmm I don't think we can right now. We can put it on the roadmap.