Security-restricted environments

Open eladb opened this issue 5 years ago • 1 comments

PR Champion
#

Description

  • [ ] Permission Boundaries
  • [ ] Bootstrapping Privileges
  • [ ] Enforcement of policy during synth (aspects?), during deployment (CFN hooks?) and at runtime (AWS Config?)

Progress

  • [x] Tracking Issue Created
  • [ ] RFC PR Created
  • [ ] Core Team Member Assigned
  • [ ] Initial Approval / Final Comment Period
  • [ ] Ready For Implementation
    • [ ] implementation issue 1
  • [ ] Resolved

eladb, Dec 08 '19 21:12

Slightly related to Permissions Boundaries, but I'd also like to see Resource Boundaries. CDK is in a great position to enforce "no EC2 resources may be created" or "no IAM resources may be imported" to accommodate some highly regulated environments.

richardhboyd, Jan 30 '20 05:01
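An added example, not part of the thread or of the CDK code base: one way to enforce the "Permission Boundaries" item from the description and the "no EC2 resources may be created" rule from the comment above, as a check run over the synthesized CloudFormation template before deployment. The sample template, the policy lists and the function name `check_template` are assumptions made for illustration.

```python
import fnmatch

# Constructed sample shaped like a synthesized template in cdk.out/ (not from the issue).
SAMPLE_TEMPLATE = {
    "Resources": {
        "AppBucket1A2B3C4D": {
            "Type": "AWS::S3::Bucket",
            "Metadata": {"aws:cdk:path": "DemoStack/AppBucket/Resource"},
        },
        "WorkerInstance9F8E7D6C": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"InstanceType": "t3.micro"},
            "Metadata": {"aws:cdk:path": "DemoStack/Worker/Resource"},
        },
        "TaskRole5A5A5A5A": {
            "Type": "AWS::IAM::Role",
            "Properties": {"AssumeRolePolicyDocument": {}},
            "Metadata": {"aws:cdk:path": "DemoStack/TaskRole/Resource"},
        },
        "BoundedRole6B6B6B6B": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {},
                "PermissionsBoundary": "arn:aws:iam::111122223333:policy/example-boundary",
            },
        },
    }
}

# Hypothetical policy for a restricted environment (assumed, not from the issue).
DENIED_TYPES = ["AWS::EC2::*"]
BOUNDARY_REQUIRED_TYPES = {"AWS::IAM::Role", "AWS::IAM::User"}


def check_template(template, denied_types=DENIED_TYPES):
    """Return sorted (rule, logical_id, construct_path) violations."""
    violations = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        props = resource.get("Properties") or {}
        # Fall back to the logical ID when path metadata is disabled.
        path = (resource.get("Metadata") or {}).get("aws:cdk:path", logical_id)
        if any(fnmatch.fnmatchcase(rtype, pat) for pat in denied_types):
            violations.append(("denied-type", logical_id, path))
        if rtype in BOUNDARY_REQUIRED_TYPES and not props.get("PermissionsBoundary"):
            violations.append(("missing-boundary", logical_id, path))
    return sorted(violations)


if __name__ == "__main__":
    for rule, logical_id, path in check_template(SAMPLE_TEMPLATE):
        print(f"{rule}: {logical_id} ({path})")
```

A check on the synthesized template only sees resources the stack creates; resources referenced by ARN or name (the "imported" case in the comment) do not appear under `Resources` and need a synth-time check instead.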

All supported now: https://aws.amazon.com/about-aws/whats-new/2023/04/aws-cloud-development-kit-cdk-policies-validations/ https://aws.amazon.com/blogs/devops/secure-cdk-deployments-with-iam-permission-boundaries/

mrgrain, Oct 13 '23 19:10