Skip to content

eli-279 restricted github actions policies to named resources, where …#144

Merged
eddalmond1 merged 14 commits intomainfrom
feature/eja-eli-279-tighten-up-gitlab-permissions
Jun 17, 2025
Merged

eli-279 restricted github actions policies to named resources, where …#144
eddalmond1 merged 14 commits intomainfrom
feature/eja-eli-279-tighten-up-gitlab-permissions

Conversation

@eddalmond1
Copy link
Copy Markdown
Collaborator

@eddalmond1 eddalmond1 commented Jun 10, 2025

…possible, and whittled down *'s

Description

We need to ensure that we restrict the policies for the Github role as much as is possible and sensible, so that malicious actors are restricted in what they can do.

Context

Pen test

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

eddalmond1 added 13 commits June 10, 2025 16:06
@eddalmond1
eli-279 restricted github actions policies to named resources, where …
c5acda9 
…possible, and whittled down <action>*'s
@eddalmond1
eli-279 dealing with IAMs
0a1a260
@eddalmond1
eli-279 removing most permissions from developer role, as it's expect…
5cd80c5 
…ed to only need to terraform plan locally / invoke lambda for testing in dev
@eddalmond1
eli-279 removin data item
8ce2fbc
@eddalmond1
eli-279 multiple changes to fix deployment issues
3a5ec98
@eddalmond1
listcertificates for ACM needs wildcard resource
a7aac75
@eddalmond1
eli-279 further changes to allow deployment of api-layer
b1df959
@eddalmond1
eli-279 api gateway issues
df7430e
@eddalmond1
eli-279 moving more api gateway permissions to * resource
ea1f4c9
@eddalmond1
eli-279 fine tuning api gateway permissions
6903d4b
@eddalmond1
Merge remote-tracking branch 'origin/main' into feature/eja-eli-279-t…
68aae66 
…ighten-up-gitlab-permissions
@eddalmond1
eli-279 adding checkov skips for instances where we need to have a le…
b9400bc 
…vel of unrestricted access
@eddalmond1
eli-279 further checkov skips
50b1c89
@eddalmond1 eddalmond1 merged commit 6881431 into main Jun 17, 2025
22 checks passed
@eddalmond1 eddalmond1 deleted the feature/eja-eli-279-tighten-up-gitlab-permissions branch September 26, 2025 10:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Karthikeyannhs Karthikeyannhs Karthikeyannhs approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eddalmond1 @Karthikeyannhs