-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scope down dataset sharing requester IAM role managed IAM policy S3 permissions #1280
Scope down dataset sharing requester IAM role managed IAM policy S3 permissions #1280
Conversation
… read only for consumption role
This is an extension of #1262 to add s3:GetObject permissions and remove s3:* permissions |
@mourya-33 while teting I found the following issues:
|
@SofiaSazonova , this also seem to require a change in the test assertions. I am testing this locally and will push the changes early next week. |
@mourya-33 Sorry for not writing all at once, but I just realised: |
@dlpzx @noah-paige I need your advice here: is it ok to put the backfilling of iam policies in migration scripts? |
Feature or Bugfix
Detail
This PR will address the issue - 1226
Relates
Security
Please answer the questions below briefly where applicable, or write
N/A
. Based onOWASP 10.
fetching data from storage outside the application (e.g. a database, an S3 bucket)? N/A
eval
or similar functions are used? N/ABy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.