irsa-operator
Recommendation of AWS Policy with minimum necessary permissions for irsa-operator
Hey, nice work.
I have a question. Do you have any recommendation for aws_iam_policy_document for irsa-operator with minimum necessary permissions?
Inside the example:
```hcl
data "aws_iam_policy_document" "irsa" {
  statement {
    sid    = "irsaIam"
    effect = "Allow"
    actions = [
      "iam:*"
    ]
    resources = ["*"]
  }
}
```
https://github.com/VoodooTeam/irsa-operator/blob/main/_doc/example/terraform/main.tf#L116-L127
For example, such permissions don't seem to be necessary for the operator:
```hcl
statement {
  effect = "Deny"
  actions = [
    "iam:DeleteUser",
    "iam:DeleteAccessKey",
    "iam:ChangePassword"
  ]
  resources = ["*"]
}
```
thanks!
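An added example, not code from the issue author or the irsa-operator project: a simplified evaluator for the two statements quoted above, showing that the explicit Deny overrides `iam:*` for the three listed actions while every other IAM action stays allowed. It assumes identity-based statements only (no conditions, boundaries or SCPs); the role ARN and the sample action list are constructed for illustration.

```python
import re

# The two statements from the post, transcribed as IAM-style dicts.
ALLOW_ALL_IAM = {"Effect": "Allow", "Action": ["iam:*"], "Resource": ["*"]}
DENY_USER_OPS = {
    "Effect": "Deny",
    "Action": ["iam:DeleteUser", "iam:DeleteAccessKey", "iam:ChangePassword"],
    "Resource": ["*"],
}

# Constructed sample request target (placeholder account id and role name).
SAMPLE_ROLE_ARN = "arn:aws:iam::111122223333:role/constructed-example"
# Constructed sample of real IAM action names to probe the policy with.
SAMPLE_ACTIONS = [
    "iam:DeleteUser", "iam:DeleteAccessKey", "iam:ChangePassword",
    "iam:CreateRole", "iam:AttachRolePolicy", "iam:CreateUser",
]


def _glob(pattern, value, flags=0):
    """Match an IAM wildcard pattern: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None


def evaluate(statements, action, resource):
    """Return 'Deny' (explicit), 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for st in statements:
        # Action names are compared case-insensitively, resources are not.
        if not any(_glob(a, action, re.IGNORECASE) for a in st["Action"]):
            continue
        if not any(_glob(r, resource) for r in st["Resource"]):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins over any allow
        decision = "Allow"
    return decision


def still_allowed(statements, actions, resource):
    """List the probed actions that the combined statements still allow."""
    return [a for a in actions if evaluate(statements, a, resource) == "Allow"]


if __name__ == "__main__":
    policy = [ALLOW_ALL_IAM, DENY_USER_OPS]
    for act in SAMPLE_ACTIONS:
        print(f"{act:24} {evaluate(policy, act, SAMPLE_ROLE_ARN)}")
```

A deny list only removes the actions it names, so a minimum-permission policy has to enumerate the allowed actions and resources instead.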