Skip to content

Restrict minimum EC2/EKS IAM policies by resource #2437

New issue
New issue
Open
Open
Restrict minimum EC2/EKS IAM policies by resource#2437
Labels
enhancementNew feature or requestprovisioningSomething related to cluster provisioning
@RobertLucian

Description

@RobertLucian
RobertLucian
opened on Jun 30, 2022

Description

As it is described in https://docs.cortex.dev/clusters/management/auth#minimum-iam-policy, the current minimum IAM policy is to grant the cortex CLI (and by that extension to eskctl) full control over the EC2/EKS services.

Motivation

These should be restricted to a resource-based policy that would limit what an IAM role/user can do. This is especially helpful in bigger corporations where there are more than a handful of developers and the company's policy on what access its devs have is more stringent.

Additional context

This seems to be blocked on what eksctl requires: https://eksctl.io/usage/minimum-iam-policies/. Talk to the eksctl team to see if there's a way to further reduce the IAM policy requirements.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestprovisioningSomething related to cluster provisioning

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions