Update EC2 IAM Profile to least privilege required

Change overly permissive IAM Profile from using wildcard in list of
actions required. Explicitly define the 4 required ec2:Associate*
Realized while investigating issue #14383, though change does not
resolve that issue
Glenn Schlereth 2022-02-04 16:45:15 -03:00
parent 4b1081b7b8
commit 92d05ae676
No known key found for this signature in database
GPG key ID: 5910B4385FE82E07

@ -170,9 +170,12 @@ Additional variables:
"ec2:CreateVpc", "ec2:CreateVpc",
"ec2:DescribeInternetGateways", "ec2:DescribeInternetGateways",
"ec2:ModifyVpcAttribute", "ec2:ModifyVpcAttribute",
"ec2:createTags", "ec2:CreateTags",
"ec2:CreateSubnet", "ec2:CreateSubnet",
"ec2:Associate*", "ec2:AssociateVpcCidrBlock",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateRouteTable",
"ec2:AssociateAddress",
"ec2:CreateRouteTable", "ec2:CreateRouteTable",
"ec2:AttachInternetGateway", "ec2:AttachInternetGateway",
"ec2:DescribeRouteTables", "ec2:DescribeRouteTables",
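
Review bot: On the "ec2:Associate*" replacement, confirm that no deployment path still depends on another action the wildcard used to match, such as ec2:AssociateDhcpOptions or ec2:AssociateIamInstanceProfile; a missed one surfaces only as an authorization failure at run time, so a short note in this document on how the four actions were determined would help future edits. Separately, the "ec2:createTags" to "ec2:CreateTags" change two lines above is cosmetic, since IAM matches action names case-insensitively, and it is outside the scope the commit message states; mention it there or split it out.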