Bug #20489: Terraform AWS IAM policy shouldn't allow privileges escalation - Arvados

Actions

Bug #20489

closed

Terraform AWS IAM policy shouldn't allow privileges escalation

Added by Lucas Di Pentima 12 months ago. Updated 12 months ago.

Status:

Resolved

Priority:

Normal

Assigned To:

Lucas Di Pentima

Category:

Deployment

Target version:

Development 2023-05-10 sprint

Story points:

-

Release:

Release relationship:

Auto

Description

Alert from GitHub's code scanning service

The issue is described here: https://docs.bridgecrew.io/docs/ensure-iam-policies-does-not-allow-privilege-escalation

Actions

#1

Updated by Lucas Di Pentima 12 months ago

Updates at c342e37e4 - branch 20489-iam-policy-fix

Restricts the dispatcher's PassRole policy target to only keepstore instance's profiles

Manually tested on our sandbox AWS account.

Actions

#2

Updated by Lucas Di Pentima 12 months ago

% Done changed from 0 to 100
Status changed from In Progress to Resolved

Applied in changeset arvados|d0525283de9abd103c5fd057f28c80a7249a896d.

Actions

Also available in: Atom PDF