[Requesting Clarification][Multiple FullAccess managed permission attached to IAM role created under ASA-iam-key-auto-rotation-and-notifier-solution.yaml ] #36
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello Team,
We see AmazonEC2FullAccess and AmazonSSMFullAccess managed permission being attached to the IAM role created under ASA-iam-key-auto-rotation-and-notifier-solution.yaml :-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L254
https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L322
https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L426
https://github.com/aws-samples/aws-iam-access-key-auto-rotation/blame/d03ff78c27bdd2ff8ff278a23213e2967f83791d/CloudFormation/ASA-iam-key-auto-rotation-and-notifier-solution.yaml#L253
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This is too elaborate and not as per the best security standards. Hence wanted to check if these FullAccess permissions are actually needed for proper working of the solution or we can provide a minimum set of permission needed in this case.
Thank you
The text was updated successfully, but these errors were encountered: