Use ExternalId for all assume role calls #66
Labels
enhancement
New feature or request
Comments
|
On top of this, the Role that is used by ADF to perform the initial base stack creation or update should have only the minimal required permissions available to it to create the base stack. If a user wants to add more resource into the base stack then the permissions should be extended to allow this. Otherwise we should default to least privilege access of the cross account access role. |
|
For now, we're not going to add externalId for assume role calls, it doesnt add anything major in terms for security in this sense. Ideally we would have a way to lockdown the ADF cross account role IAM policy after it has setup the base stack. This could be a flag added to the adfconfig.yml to help secure everything down, but for now this is not mandatory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When ADF assumes any role, it should use a dynamically generated externalId that is automatically rotated to ensure ADF roles can never be assumed by anything other than ADF itself.
The text was updated successfully, but these errors were encountered: