Split the project-leads user group into developer-group, ops-group, and project-leads group #59

Closed
7 tasks
gjagnoor opened this issue Oct 27, 2022 · 2 comments

Comments

@gjagnoor

gjagnoor commented Oct 27, 2022

Overview

We need to decide and create user groups with the lowest level of permission needed (per group), and then reassign users to these new groups, so that we can be as secure as possible.

Action Items

  • Document the groups and how to know what group a person needs to be assigned to (in this issue)
    • Get sign off by Ops
    • Add to Wiki
  • Create a developer-group
  • Create an ops-group
  • Add relevant permissions to developer-group and ops-group
  • Reassign groups to users. Project leads should be assigned to project-leads group. Developers to developer-group. Ops-group to ops-group.

Resources/Instructions

  • AWS best practice is to give minimum permission to users (only what's needed for the task)
  • This issue was brought up in the 10/26/2022 ops meeting. We spoke about bringing the discussion here because the scope of this issue is large.

AWS documentation: Security best practices in IAM

Apply least-privilege permissions - When you set permissions with IAM policies, grant only the permissions required to perform a task. You do this by defining the actions that can be taken on specific resources under specific conditions, also known as least-privilege permissions. You might start with broad permissions while you explore the permissions that are required for your workload or use case. As your use case matures, you can work to reduce the permissions that you grant to work toward least privilege.

@ExperimentsInHonesty

Might be a duplicate of an existing issue

@chelseybeck

Closing this issue as we are planning this here
