Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scope down IAM role permissions. #109

Merged
merged 3 commits into from
Mar 9, 2021
Merged

Scope down IAM role permissions. #109

merged 3 commits into from
Mar 9, 2021

Conversation

bryce-shang
Copy link
Contributor

@bryce-shang bryce-shang commented Mar 9, 2021
edited
Loading

Issues:

Resolves CryptoAlg-674

Description of changes:

This PR scopes down permissions of IAM role used by AWS CodeBuild. The major change is to replace AmazonEC2ContainerRegistryReadOnly with below iam permission (more restricted).

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage"
            ],
            "Resource": "arn:aws:ecr:us-west-2:xxxxxx:repository/aws-lc-docker-images-linux-x86",
            "Effect": "Allow"
        }
    ]
}

Call-outs:

  • No other changes (including FILE_PATH) planned. FILE_PATH may stop CI running when files under tests dir get changed.

Testing:

  • CryptoAlg-674?selectedConversation=3af70d1d-3676-4ca7-ac2a-b0a7f41773ff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@bryce-shang bryce-shang merged commit c6af55b into aws:main Mar 9, 2021
@bryce-shang bryce-shang deleted the ci-iam-role branch March 9, 2021 21:27
aqjune-aws added a commit to aqjune-aws/aws-lc-public that referenced this pull request Mar 4, 2024
@aqjune-aws
Merge pull request aws#109 from aqjune-aws/table-benchmark
7a374fb 
Enable testing bignum_copy_row_from_table on x86
s2n-bignum original commit: awslabs/s2n-bignum@26bfe44
dkostic pushed a commit to dkostic/aws-lc that referenced this pull request Jul 22, 2024
@aqjune-aws
Merge pull request aws#109 from aqjune-aws/table-benchmark
104dd57 
Enable testing bignum_copy_row_from_table on x86
s2n-bignum original commit: awslabs/s2n-bignum@26bfe44
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 18, 2024
@aqjune-aws
Merge pull request aws#109 from aqjune-aws/table-benchmark
401b241 
Enable testing bignum_copy_row_from_table on x86
s2n-bignum original commit: awslabs/s2n-bignum@26bfe44
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 18, 2024
@aqjune-aws
Merge pull request aws#109 from aqjune-aws/table-benchmark
c3433df 
Enable testing bignum_copy_row_from_table on x86
s2n-bignum original commit: awslabs/s2n-bignum@26bfe44

s2n-bignum original commit: awslabs/s2n-bignum@401b241
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 19, 2024
@aqjune-aws
Merge pull request aws#109 from aqjune-aws/table-benchmark
13dd41a 
Enable testing bignum_copy_row_from_table on x86
s2n-bignum original commit: awslabs/s2n-bignum@26bfe44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dkostic dkostic dkostic approved these changes

@andrewhop andrewhop andrewhop approved these changes

@andrew-kaufman andrew-kaufman Awaiting requested review from andrew-kaufman

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bryce-shang @dkostic @andrewhop