Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recommendation for Policies #47

Open
erikm30 opened this issue Feb 15, 2021 · 2 comments
Open

Recommendation for Policies #47

erikm30 opened this issue Feb 15, 2021 · 2 comments
Labels
enhancement

Comments

@erikm30
Copy link

erikm30 commented Feb 15, 2021

Is there a recommendation for a policy with the least rights that can be used to successfully run the script ?
@JohannesEbke
Copy link
Owner

This should run well with arn:aws:iam::aws:policy/ReadOnlyAccess , but probably can run well on more restricted policies. Since it does heuristics and actually knows which APIs it will call, it would probably be quite easy to generate a policy generator. Unfortunately, since it picks up on new APIs on boto3 updates, this policy would get out of date, but for security-conscious setups it might give an edge over ReadOnlyAccess.

@JohannesEbke
Copy link
Owner

ToDo

  • Add to Readme
  • Add "strict" policy generator.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JohannesEbke @erikm30