Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove all cases of "Resource": "*" from policies #20

Open
Zeebrow opened this issue Jul 8, 2022 · 1 comment
Open

Remove all cases of "Resource": "*" from policies #20

Zeebrow opened this issue Jul 8, 2022 · 1 comment
Labels
Alpha required for Alpha milestone bug Something isn't working
Milestone
Alpha

Comments

@Zeebrow
Copy link
Owner

Zeebrow commented Jul 8, 2022
edited
Loading

Suggestions:

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html
@Zeebrow Zeebrow added bug Something isn't working Alpha required for Alpha milestone labels Jul 8, 2022
@Zeebrow Zeebrow added this to the Alpha milestone Jul 8, 2022
@Zeebrow
Copy link
Owner Author

Zeebrow commented Jul 12, 2022
edited
Loading

Plan

  1. Enforce tagging policy on user/role with:
{
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": [
                "arn:aws:ec2:*:865386952527:key-pair/*",
                "arn:aws:ec2:*:865386952527:security-group/*",
                "resource 3",
                "resource 4"
            ],
            "Condition": {
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "Name",
                        "quickhost"
                    ]
                },
                "ForAnyValue:StringEquals": {
                    "aws:TagKeys": ["quickhost"]
                }
            }
}
  • Allow users to create tags with 'Name', 'quickhost', ... keys
  • Require the 'quickhost' tag key to be present on resources
  1. Require a vpc id in order to create policies

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Alpha required for Alpha milestone bug Something isn't working
Projects
None yet
Milestone
Alpha
Development

No branches or pull requests
1 participant
@Zeebrow