Merge pull request #488 from noqdev/fix/en-2223-iambic-hub-role
Fix EN-2223 Relax IambicHubRole sts:assumerole policy statement
smoy authored Jul 12, 2023
2 parents 036f237 + 2492747 commit e6a1d92
Showing 2 changed files with 5 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,10 @@ Resources:
- Effect: Allow
Action:
- ec2:Describe*
- iam:*
- identitystore:*
- organizations:describe*
- organizations:list*
- iam:*
- sso:*
Resource:
- '*'
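Review bot: iam:*, identitystore:* and sso:* sit on Resource '*' in this Allow statement with no comment saying why full wildcards are required. The hunk header shows 10 lines before and 10 after, so the only change here is moving iam:* into alphabetical position. While the list is being touched, add a YAML comment naming the operations that need each wildcard, or narrow the list to the actions the role actually calls.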
Expand All @@ -60,19 +60,16 @@ Resources:
- sqs:GetQueueAttributes
Resource:
- 'arn:aws:sqs:*:*:IAMbicChangeDetectionQueue*'
- Sid: SCPsReadWrite
- Sid: SCPsWrite
Effect: Allow
Action:
- organizations:CreatePolicy
- organizations:DeletePolicy
- organizations:DescribePolicy
- organizations:UpdatePolicy
- organizations:ListPolicies
- organizations:AttachPolicy
- organizations:DetachPolicy
- organizations:TagResource
- organizations:UntagResource
- organizations:ListTagsForResource
Resource: '*'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/ReadOnlyAccess'
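Review bot: the SCPsWrite statement now relies on permissions granted elsewhere for its reads, and nothing in the template records that dependency. Given the Sid rename from SCPsReadWrite and the hunk shrinking from 19 to 16 lines, organizations:DescribePolicy, organizations:ListPolicies and organizations:ListTagsForResource look like the dropped lines. They remain covered by organizations:describe* and organizations:list* in the first statement and by the ReadOnlyAccess managed policy. Add a comment on this statement saying so, so that a later tightening of either one does not silently break SCP reads.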
Original file line number Diff line number Diff line change
Expand Up @@ -32,13 +32,14 @@ Resources:
Statement:
- Effect: Allow
Action:
- iam:Get*
- iam:List*
- identitystore:Describe*
- identitystore:Get*
- identitystore:IsMemberInGroups
- identitystore:List*
- organizations:describe*
- organizations:list*
- iam:Get*
- iam:List*
- sso:Describe*
- sso:Get*
- sso:List*
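Review bot: identitystore:IsMemberInGroups is the one action in this list spelled out in full rather than covered by a Describe*/Get*/List* pattern, and it is not mentioned in the commit message, whose title refers only to the sts:assumerole statement. The hunk grows from 13 to 14 lines while iam:Get* and iam:List* merely move, so this appears to be the added permission. Add a short comment saying which call needs it, and update the commit description to cover it together with the SCP statement change, since none of the hunks shown touches an sts:AssumeRole statement.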