Create a minimal IAM role that grants the necessary permissions to deploy the SaaS Boilerplate without giving full admin access to the AWS environment.
Currently, deploying the SaaS Boilerplate requires extensive permissions which can lead to potential security risks. To adhere to the principle of least privilege (PoLP), a dedicated IAM role with only the necessary permissions should be established.
Describe the solution you'd like
Requirements
Analyze the AWS services and actions used by the SaaS Boilerplate during deployment and runtime.
In CDK create an IAM policy that grants only the permissions needed for those services and actions.
In CDK attach the policy to a new IAM role, ensuring it has no additional permissions.
Update the deployment instructions in relevant documentation to mention the use of this new IAM role.
Acceptance Criteria:
A user with the new IAM role should be able to deploy the SaaS Boilerplate without any issues.
The IAM role should not have permissions beyond what's necessary for the deployment and operation of the SaaS Boilerplate.
Updated documentation reflects the changes and guides users on using the new IAM role.
Describe alternatives you've considered
No response
Additional context
Potential Challenges:
Ensuring all permissions are captured without over-provisioning. Testing thoroughly is crucial.
Changes to the SaaS Boilerplate in the future might require additional permissions, which would necessitate updates to the IAM role.
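One way to check the "captured without over-provisioning" challenge above, as an added example that is not part of the original issue or the project's code: compare a candidate policy with the actions a test deployment was observed to call. The policy, the observed action list and the function names are constructed for illustration; resource scoping, `Deny`, `NotAction` and conditions are not modelled.

```python
import re

# Constructed sample: actions seen during one test deployment (e.g. taken from CloudTrail).
OBSERVED_ACTIONS = [
    "cloudformation:CreateStack", "cloudformation:DescribeStacks",
    "s3:PutObject", "iam:PassRole", "ecr:PutImage",
]

# Constructed candidate policy for the deployment role, not the boilerplate's real one.
CANDIDATE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["cloudformation:CreateStack", "cloudformation:DescribeStacks"]},
        {"Effect": "Allow", "Resource": "*", "Action": "s3:*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:PassRole", "ec2:TerminateInstances"]},
    ],
}

def _pattern(action_glob):
    # IAM action patterns use only '*' and '?' and match case-insensitively.
    rx = re.escape(action_glob).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(rx, re.IGNORECASE)

def allowed_patterns(policy):
    """Collect Action patterns from Allow statements only."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    out = []
    for s in stmts:
        if s.get("Effect") == "Allow" and "Action" in s:
            a = s["Action"]
            out.extend([a] if isinstance(a, str) else a)
    return out

def audit(policy, observed_actions):
    """Report observed actions the policy misses and grants the deployment never used."""
    compiled = [(p, _pattern(p)) for p in allowed_patterns(policy)]
    missing = sorted(a for a in observed_actions
                     if not any(rx.fullmatch(a) for _, rx in compiled))
    unused = sorted(p for p, rx in compiled
                    if not any(rx.fullmatch(a) for a in observed_actions))
    wildcards = sorted(p for p, _ in compiled if "*" in p or "?" in p)
    return {"missing": missing, "unused": unused, "wildcards": wildcards}

if __name__ == "__main__":
    for key, items in audit(CANDIDATE_POLICY, OBSERVED_ACTIONS).items():
        print(f"{key}: {items}")
```

A non-empty `missing` list means the deployment would fail with the role; `unused` and `wildcards` entries are candidates for removal or narrowing.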