Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable to expand roles with PermissionsBoundary #55

Closed
JohnPreston opened this issue May 11, 2020 · 1 comment · Fixed by #60
Closed

Enable to expand roles with PermissionsBoundary #55

JohnPreston opened this issue May 11, 2020 · 1 comment · Fixed by #60
Assignees
@JohnPreston
Labels
enhancement New feature or request

Comments

@JohnPreston
Copy link
Member

Is your feature request related to a problem? Please describe.
I have permissions to create roles only with a given set of permissions boundaries. Therefore, all my IAM roles I create should have IAM boundaries set.

Describe the solution you'd like
In the configs/composex section, add a new section for IAM which allows to list boundary policy names

configs:
  composex:
    iam:
      boundaries:
        - policy1
        - policy2

Describe alternatives you've considered
Via the CLI, provide a list of IAM boundary names or ARNs which need to be added.

Additional context
Before adding the boundary, if an ARN is provided, it should be applicable to the current account.
@JohnPreston JohnPreston added the enhancement New feature or request label May 11, 2020
@JohnPreston JohnPreston self-assigned this May 11, 2020
@JohnPreston
Copy link
Member Author

As there is only one permission boundary, it will only allow for one value set

configs:
  composex:
    iam:
      boundaries: policy_name_or_arn

For each service, if a specific policy ARN should be set to the IAM role, it can be overriden locally

services:
  serviceA:
    configs:
      iam:
        boundaries: other_policy_name_or_arn

or equally in the configs section

configs:
  serviceA:
    iam:
      boundaries: other_policy_name_or_arn

@JohnPreston JohnPreston linked a pull request May 14, 2020 that will close this issue
FR - IAM Permissions Boundary #60
Merged
@JohnPreston JohnPreston removed a link to a pull request May 14, 2020
FR - IAM Permissions Boundary #60
Merged
@JohnPreston JohnPreston linked a pull request May 14, 2020 that will close this issue
FR - IAM Permissions Boundary #60
Merged
@JohnPreston JohnPreston changed the title Enable to expand roles conditions Enable to expand roles with PermissionsBoundary May 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JohnPreston JohnPreston

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

FR - IAM Permissions Boundary compose-x/ecs_composex
1 participant
@JohnPreston