Allow configuration of all new IAM roles

Open cgcompassion opened this issue 1 year ago • 1 comments

Our AWS Org settings require all new IAM roles to have a specific Permission Boundary applied. Any role create command where the role does not have this permission boundary will fail.

I have followed the instructions to set up the Console, and when I deployed the console stack in us-east-1, I customized the template so that the SST role you're using has the Permission Boundary.

BUT since you are using that role to create other roles, they also need the same permission boundary applied. Is there a way I can instruct SST Console to use a certain boundary for any roles that it wants to create?

See related discord thread: https://discord.com/channels/983865673656705025/990989982799900792/1241145612624330872

May 22 '24 15:05 cgcompassion

Hmm I don't think we can right now. We can put it on the roadmap.

May 23 '24 23:05 jayair