Bug #20489: Terraform AWS IAM policy shouldn't allow privileges escalation - Arvados

Actions

Copy link

Bug #20489

closed

Terraform AWS IAM policy shouldn't allow privileges escalation

Added by Lucas Di Pentima 5 months ago. Updated 5 months ago.

Status:

Resolved

Priority:

Normal

Assigned To:

Lucas Di Pentima

Category:

Deployment

Target version:

Development 2023-05-10 sprint

Start date:

Due date:

% Done:

100%

Estimated time:

Story points:

Release:

Arvados 2.6.2

Release relationship:

Auto

Description

Alert from GitHub's code scanning service

The issue is described here: https://docs.bridgecrew.io/docs/ensure-iam-policies-does-not-allow-privilege-escalation

Actions

Copy link

Updated by Lucas Di Pentima 5 months ago

Updates at c342e37e4 - branch 20489-iam-policy-fix

Restricts the dispatcher's PassRole policy target to only keepstore instance's profiles

Manually tested on our sandbox AWS account.

Actions

Copy link

Updated by Lucas Di Pentima 5 months ago

% Done changed from 0 to 100
Status changed from In Progress to Resolved

Applied in changeset arvados|d0525283de9abd103c5fd057f28c80a7249a896d.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Arvados

Custom queries

Bug #20489

Terraform AWS IAM policy shouldn't allow privileges escalation

Updated by Lucas Di Pentima 5 months ago

Updated by Lucas Di Pentima 5 months ago