
[Security] Aspire deployments use a single user assigned managed identity for everything

Open davidfowl opened this issue 1 year ago • 1 comments

I'm sure this will come up in the threat model, but we need to change how this works so that the resources only have access to what they need by default. The user will be able to manually provision managed identities as an override, but by default we'll want identities per containerApp and one for the keyvault.

We also need to review role assignments to make sure they are good usable defaults that are secure.

We also need to document this in detail so that users doing their own security reviews can evaluate the defaults (outside of calling infra synth 😄).

davidfowl, Feb 16 '24 02:02
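One way to check a synthesized template for the single-identity pattern this issue describes, as an added example that is not part of the original post or of azd: it lists every user-assigned identity attached to more than one container app, together with the union of roles that identity holds. The template below is constructed and simplified (identities are referenced by short name rather than by resource ID or principal GUID, and roles by display name); `shared_identities` is a hypothetical helper name.

```python
import json
from collections import defaultdict

# Constructed sample: a trimmed ARM-style template, not real azd output.
# Assumption: identities are keyed by short name to keep the sample readable.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.ManagedIdentity/userAssignedIdentities", "name": "mi-shared"},
  {"type": "Microsoft.ManagedIdentity/userAssignedIdentities", "name": "mi-worker"},
  {"type": "Microsoft.App/containerApps", "name": "api",
   "identity": {"type": "UserAssigned", "userAssignedIdentities": {"mi-shared": {}}}},
  {"type": "Microsoft.App/containerApps", "name": "web",
   "identity": {"type": "UserAssigned", "userAssignedIdentities": {"mi-shared": {}}}},
  {"type": "Microsoft.App/containerApps", "name": "worker",
   "identity": {"type": "UserAssigned", "userAssignedIdentities": {"mi-worker": {}}}},
  {"type": "Microsoft.Authorization/roleAssignments", "name": "ra1",
   "properties": {"principalId": "mi-shared", "roleDefinitionId": "Key Vault Secrets User"}},
  {"type": "Microsoft.Authorization/roleAssignments", "name": "ra2",
   "properties": {"principalId": "mi-shared", "roleDefinitionId": "AcrPull"}},
  {"type": "Microsoft.Authorization/roleAssignments", "name": "ra3",
   "properties": {"principalId": "mi-worker", "roleDefinitionId": "AcrPull"}}
]}
""")


def shared_identities(template):
    """Return {identity: {"apps": [...], "roles": [...]}} for identities on more than one app."""
    apps = defaultdict(list)   # identity -> container apps that run as it
    roles = defaultdict(list)  # identity -> roles assigned to it
    for res in template.get("resources", []):
        rtype = res.get("type")
        if rtype == "Microsoft.App/containerApps":
            attached = res.get("identity", {}).get("userAssignedIdentities", {})
            for ident in attached:
                apps[ident].append(res["name"])
        elif rtype == "Microsoft.Authorization/roleAssignments":
            props = res.get("properties", {})
            roles[props.get("principalId")].append(props.get("roleDefinitionId"))
    # Every app sharing an identity effectively holds the union of its roles.
    return {ident: {"apps": sorted(names), "roles": sorted(roles.get(ident, []))}
            for ident, names in apps.items() if len(names) > 1}


if __name__ == "__main__":
    for ident, info in shared_identities(SAMPLE_TEMPLATE).items():
        print(f"{ident}: shared by {info['apps']}, union of roles {info['roles']}")
```
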

Feedback from security review with Barry/Levi

GA might not be able to use managed identities in a best practices / granular fashion. Create docs detailing any steps users must take if they want to follow best practices re: minimal permissions.

The deployment doc updates are happening as part of https://github.com/dotnet/docs-aspire/issues/548

rajeshkamal5050, Apr 03 '24 07:04

This currently applies to AZD owning the compute ACE, which is dying slowly =)

Closing this issue as the ACE and MI are handled by the AppHost and publishers.

vhvb1989, May 15 '25 00:05