Restrict minimum EC2/EKS IAM policies by resource #2437

Open
RobertLucian opened this issue Jun 30, 2022 · 0 comments
Labels
enhancement New feature or request provisioning Something related to cluster provisioning

Comments

@RobertLucian
Member

Description

As described in https://docs.cortex.dev/clusters/management/auth#minimum-iam-policy, the current minimum IAM policy is to grant the cortex CLI (and, by extension, eksctl) full control over the EC2/EKS services.

Motivation

These should be restricted to a resource-based policy that would limit what an IAM role/user can do. This is especially helpful in bigger corporations where there are more than a handful of developers and the company's policy on what access its devs have is more stringent.

Additional context

This seems to be blocked on what eksctl requires: https://eksctl.io/usage/minimum-iam-policies/. Talk to the eksctl team to see if there's a way to further reduce the IAM policy requirements.

@RobertLucian RobertLucian added enhancement New feature or request provisioning Something related to cluster provisioning labels Jun 30, 2022
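
An added example, not part of the original issue and not Cortex or eksctl code: a small Python check that flags the kind of grant the issue describes, an Allow statement giving every EC2 or EKS action on every resource. The sample policy, its Sids and the ARN are constructed placeholders; `NotAction`/`NotResource` are not evaluated, and a `Condition` is only reported, not interpreted.

```python
import json

# Constructed sample policy (not the Cortex or eksctl policy). The account ID
# and cluster name in the ARN are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "FullEc2Eks", "Effect": "Allow",
     "Action": ["ec2:*", "eks:*"], "Resource": "*"},
    {"Sid": "ScopedEks", "Effect": "Allow",
     "Action": "eks:DescribeCluster",
     "Resource": "arn:aws:eks:us-east-1:111122223333:cluster/example"},
    {"Sid": "DenyEc2", "Effect": "Deny", "Action": "ec2:*", "Resource": "*"}
  ]
}
""")

SERVICES = ("ec2", "eks")


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def unrestricted_statements(policy, services=SERVICES):
    """Return Allow statements that grant a whole service (or everything)
    on Resource "*", i.e. grants with no resource-level restriction."""
    wildcards = {"*"} | {f"{svc}:*" for svc in services}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        broad = [a for a in as_list(stmt.get("Action")) if a.lower() in wildcards]
        if broad and "*" in as_list(stmt.get("Resource")):
            findings.append({
                "sid": stmt.get("Sid", f"statement[{index}]"),
                "actions": broad,
                "conditioned": "Condition" in stmt,  # reported, not evaluated
            })
    return findings


if __name__ == "__main__":
    for finding in unrestricted_statements(SAMPLE_POLICY):
        print(finding)
```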