AWS Terraform Ref Arch is too permissive #12964

Closed
mrzarquon opened this issue Sep 14, 2022 · 0 comments · Fixed by #12965 or #12968
Labels
type: bug Something isn't working

Comments

@mrzarquon
Contributor

Bug description

Inheriting from our old EKS guide, we still set "arn:aws:iam::aws:policy/AmazonS3FullAccess" on the S3 user accounts, which grants global S3 access to the user.

There is no reason to do this now that we support specifying an S3 bucket for an object store. And it could cause this creation to fail in the instances where the user running the terraform code doesn't have permissions to grant this level of access.

Steps to reproduce

See above

Workspace affected

No response

Expected behavior

No response

Example repository

No response

Anything else?

No response

@mrzarquon mrzarquon added the type: bug Something isn't working label Sep 14, 2022
mrzarquon added a commit that referenced this issue Sep 21, 2022
…at our IAM permissions weren't correct to just use the S3 bucket.

```release-note
Attaches correct permissions to the IAM user to have correct level of access to just the single S3 bucket we create for that user.
```
roboquat pushed a commit that referenced this issue Sep 21, 2022
…at our IAM permissions weren't correct to just use the S3 bucket.

```release-note
Attaches correct permissions to the IAM user to have correct level of access to just the single S3 bucket we create for that user.
```
mrzarquon added a commit that referenced this issue Sep 21, 2022
Typos in policy declarations

```release-note
[AWS Infra] Terraform code updated to create correct policies for S3 buckets
```
roboquat pushed a commit that referenced this issue Sep 22, 2022
Typos in policy declarations

```release-note
[AWS Infra] Terraform code updated to create correct policies for S3 buckets
```
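
The scoping this issue asks for, shown as an added example that is not the project's own Terraform from the referenced commits: the managed-policy attachment named in the bug description is kept as a commented-out "before", next to an inline policy limited to one bucket. Resource names, the bucket name, and the list of S3 actions are assumptions chosen for illustration.

```hcl
# Added example; all names below are hypothetical placeholders.

resource "aws_s3_bucket" "object_store" {
  bucket = "example-object-store" # placeholder bucket name
}

resource "aws_iam_user" "object_store" {
  name = "example-object-store-user" # placeholder user name
}

# Before (too permissive): the AWS managed policy allows s3:* on every
# bucket in the account, and attaching it requires the operator running
# Terraform to be allowed to grant that level of access.
#
# resource "aws_iam_user_policy_attachment" "s3_full_access" {
#   user       = aws_iam_user.object_store.name
#   policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
# }

# After: access limited to the single bucket created above.
# The action list is an assumption; trim it to what the workload needs.
data "aws_iam_policy_document" "bucket_only" {
  # Bucket-level actions apply to the bucket ARN itself.
  statement {
    sid       = "BucketLevel"
    effect    = "Allow"
    actions   = ["s3:ListBucket", "s3:GetBucketLocation"]
    resources = [aws_s3_bucket.object_store.arn]
  }

  # Object-level actions apply to keys under the bucket, hence the "/*".
  statement {
    sid       = "ObjectLevel"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["${aws_s3_bucket.object_store.arn}/*"]
  }
}

resource "aws_iam_user_policy" "bucket_only" {
  name   = "object-store-bucket-only"
  user   = aws_iam_user.object_store.name
  policy = data.aws_iam_policy_document.bucket_only.json
}
```

Running `terraform plan` and checking that no `AmazonS3FullAccess` attachment remains in the planned resources confirms the user ends up with only the bucket-scoped policy.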