Datadog policy includes S3 GetObject? #36

Closed
LuigiClemente-Awin opened this issue Sep 16, 2021 · 2 comments
Labels
bug 🐛 An issue with the system

Comments


LuigiClemente-Awin commented Sep 16, 2021

Hi all

I see that the s3:GetObject action has been added to the "all" policy attached to the Datadog role:

I do not understand why it should be needed and it is not listed in the official Datadog documentation:
https://docs.datadoghq.com/integrations/amazon_web_services/?tab=roledelegation

                "s3:GetBucketLogging",
                "s3:GetBucketLocation",
                "s3:GetBucketNotification",
                "s3:GetBucketTagging",
                "s3:ListAllMyBuckets",
                "s3:PutBucketNotification",

Is this a typo?
Same for s3:ListObjects, but the security concern about GetObject seems greater in my opinion.

Thanks,

Luigi
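
The check raised in the issue above can be automated. This is an added example, not part of the original issue or the project's code: it diffs a role policy's S3 grants against the six actions quoted in the issue and reports whether any grant, including a wildcard such as `s3:Get*`, covers `s3:GetObject`. The sample policy, the `audit` function and its helpers are constructed for illustration, and `NotAction` and condition keys are not evaluated.

```python
import json
import re

# S3 actions the issue quotes as the expected set (taken from the page).
DOCUMENTED_S3 = {
    "s3:GetBucketLogging", "s3:GetBucketLocation", "s3:GetBucketNotification",
    "s3:GetBucketTagging", "s3:ListAllMyBuckets", "s3:PutBucketNotification",
}
SENSITIVE = {"s3:GetObject"}  # object-level read the issue is concerned about

# Constructed sample policy for illustration; not the module's real policy.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:Describe*", "s3:GetBucketLogging", "s3:GetBucketLocation",
    "s3:GetBucketNotification", "s3:GetBucketTagging", "s3:GetObject",
    "s3:ListAllMyBuckets", "s3:ListObjects", "s3:PutBucketNotification"]}
]}
""")

def _matches(pattern, value):
    # IAM action patterns are case-insensitive and allow * and ? wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.IGNORECASE) is not None

def _listify(value):
    # Statement and Action may each be a single item or a list.
    return value if isinstance(value, list) else [value]

def audit(policy, documented=DOCUMENTED_S3, sensitive=SENSITIVE, service="s3"):
    """Return (undocumented grants, sensitive actions covered) for Allow statements."""
    known = {d.lower() for d in documented}
    undocumented, exposed = set(), set()
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _listify(stmt.get("Action", [])):
            if not _matches(action.split(":", 1)[0], service):
                continue  # grant belongs to another service
            if action.lower() not in known:
                undocumented.add(action)
            exposed |= {s for s in sensitive if _matches(action, s)}
    return sorted(undocumented), sorted(exposed)

if __name__ == "__main__":
    extra, exposed = audit(SAMPLE_POLICY)
    print("not in documented list:", extra)
    print("sensitive actions granted:", exposed)
```

Run against the JSON rendered from the role's attached policy, a non-empty second list means the integration role can read object contents.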

@LuigiClemente-Awin LuigiClemente-Awin added the bug 🐛 An issue with the system label Sep 16, 2021
@LuigiClemente-Awin (Author)

I see this hasn't changed...

@joe-niland (Member)

Fixed in #46
