modernisation-platform
Evaluate Security Risks and Implement Controls for `kms:CreateGrant` Permission in `Github OIDC` role
User Story
As a Modernisation Platform engineer I want to investigate the potential security risks of granting the kms:CreateGrant permission to the GitHub OIDC role. Additionally, I aim to explore the feasibility of adding conditions that restrict how this permission can be used, so that it cannot be used to create grants giving unauthorized users and roles access to keys.
Value / Purpose
The purpose of this issue is to ensure the security of our key management system by thoroughly assessing the risks introduced by granting the kms:CreateGrant permission. By implementing appropriate safeguards, we aim to mitigate the risk of unauthorized access to keys.
Useful Contacts
No response
Additional Information
This permission, kms:CreateGrant, is required for the purpose of copying snapshots.
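To make the risk concrete, here is an added example (not from this issue or the platform's own Terraform) showing the unconstrained form of the permission next to a constrained form that uses the AWS condition keys kms:GrantIsForAWSResource and kms:GrantOperations; the key ARN and account id are placeholders, and the operations list is an assumption that should be confirmed from the CloudTrail CreateGrant events recorded during an actual snapshot copy.

```hcl
# Added example: not code from the issue or the modernisation-platform repo.

# Weak form: the role can create a grant on any key, for any grantee
# principal, for any operation. This is what lets a compromised pipeline
# hand key access to an arbitrary user or role.
data "aws_iam_policy_document" "create_grant_unconstrained" {
  statement {
    sid       = "CreateGrantAnywhere"
    effect    = "Allow"
    actions   = ["kms:CreateGrant"]
    resources = ["*"]
  }
}

# Constrained form: scoped to one CMK, allowed only when an AWS service
# (e.g. EC2 or RDS copying an encrypted snapshot) creates the grant on the
# caller's behalf, and only for a fixed set of operations.
data "aws_iam_policy_document" "create_grant_for_aws_services" {
  statement {
    sid     = "CreateGrantForAwsResourcesOnly"
    effect  = "Allow"
    actions = ["kms:CreateGrant"]

    # Placeholder ARN: replace with the snapshot-encryption key's ARN.
    resources = ["arn:aws:kms:eu-west-2:111122223333:key/PLACEHOLDER-KEY-ID"]

    # Evaluates to true only when an AWS service is calling CreateGrant for
    # the principal; a direct CreateGrant call from the role itself is denied.
    condition {
      test     = "Bool"
      variable = "kms:GrantIsForAWSResource"
      values   = ["true"]
    }

    # Every operation requested in the grant must be in this list.
    # Assumed set for snapshot copy; verify against CloudTrail before relying on it.
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "kms:GrantOperations"
      values = [
        "Decrypt",
        "Encrypt",
        "GenerateDataKeyWithoutPlaintext",
        "ReEncryptFrom",
        "ReEncryptTo",
        "CreateGrant",
        "DescribeKey",
      ]
    }
  }
}
```

When reviewing, the CloudTrail CreateGrant event's requestParameters (granteePrincipal and operations) show exactly which service principal asked for which operations, which is the evidence to tune the operations list and to alert on any CreateGrant from this role that is not on behalf of an AWS service.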
Proposal / Unknowns
Hypothesis If we... [do a thing] Then... [this will happen]
Proposal A proposal that is something testable, don't worry whether it works or not, it's a place for ideas.
Unknowns Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.
Definition of Done
- [ ] Identify security risks associated with the newly added permission.
- [ ] Document findings and recommendations in a comprehensive report.
- [ ] Ensure that the implementation aligns with best practices and complies with security standards.
- [ ] Another team member has reviewed
- [ ] Tests are green