cluster-api-provider-aws

:bug: Remove GetPolicy IAM call when attaching to role

Open adammw opened this issue 10 months ago • 6 comments

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Alternative solution to #5265 that uses the principle of least privilege by removing the need for iam:GetPolicy entirely. If the policy doesn't exist, assume that the AttachPolicy call will fail rather than attempting to fetch it before attachment.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #5254

Special notes for your reviewer:

Checklist:

  • [ ] squashed commits
  • [ ] includes documentation
  • [x] includes emojis
  • [x] adds unit tests
  • [ ] adds or updates e2e tests

Release note:

Remove GetPolicy IAM call when attaching to role

adammw · Jan 07 '25 02:01
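
The least-privilege point in the description above, as an added Go example (not code from this PR or from cluster-api-provider-aws): a caller that holds only `iam:AttachRolePolicy` is denied when it looks the policy up first, while a direct attach succeeds and still reports a missing policy through the attach call's own error. `fakeIAM`, the function names, the error values and the ARN are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins for the IAM AccessDenied and NoSuchEntity errors.
var errAccessDenied, errNoSuchEntity = errors.New("AccessDenied"), errors.New("NoSuchEntity")

// Constructed sample policy ARN (placeholder account ID).
const exampleARN = "arn:aws:iam::111122223333:policy/constructed-example"

// fakeIAM is a hypothetical in-memory IAM: it authorizes each call against
// the caller's allowed actions and records which actions were attempted.
type fakeIAM struct {
	allowed, policies map[string]bool
	calls             []string
}

func (f *fakeIAM) call(action, arn string) error {
	f.calls = append(f.calls, action)
	if !f.allowed[action] {
		return fmt.Errorf("%s: %w", action, errAccessDenied)
	}
	if !f.policies[arn] {
		return fmt.Errorf("%s %s: %w", action, arn, errNoSuchEntity)
	}
	return nil
}

// attachWithPrecheck looks the policy up first, so it needs iam:GetPolicy too.
func attachWithPrecheck(c *fakeIAM, arn string) error {
	if err := c.call("iam:GetPolicy", arn); err != nil {
		return err
	}
	return c.call("iam:AttachRolePolicy", arn)
}

// attachDirect attaches and lets a missing policy surface as the attach error.
func attachDirect(c *fakeIAM, arn string) error { return c.call("iam:AttachRolePolicy", arn) }

// newClient builds a fake whose caller holds only iam:AttachRolePolicy.
func newClient() *fakeIAM {
	return &fakeIAM{allowed: map[string]bool{"iam:AttachRolePolicy": true}, policies: map[string]bool{exampleARN: true}}
}

func main() {
	fmt.Println(attachWithPrecheck(newClient(), exampleARN), attachDirect(newClient(), exampleARN))
}
```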