Comments (3)
Removed S3 access for the Lambda. Next is creating an AWS account in the freeCodeCamp account, using a locked down policy generated with https://github.com/dancrumb/generator-serverless-policy
from open-api.
I've moved the app from my account to freecodecamp. The generated policy did not really deliver. The tool has not been updated, and was missing permissions, and plugins that create notifications and alarms are a party pooper too.
My plan b:
I've given admin access to the serverless user, and I'll review the permissions used by that user to create a new policy.
We can use CloudTrail to review the access it used at https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events
I've downloaded the events and will have a look at this later, probably tomorrow.
Related blog post to potentially use for reference https://threatresponse.cloud/blog/2016/tips_for_least_privilege_iam_policies.html
from open-api.
I've removed the policy I initially added, and created one using the visual editor. In the long run having a nice version under version control, preferably managed by a tool like Terraform is desirable.
For now, we have a versioned policy in place, that only has permissions for services touched by serverless deployments and where possible locked down to resources that include openapi* in the ARN.
TL;DR: user `serverless` no longer has admin permissions but a custom policy.
from open-api.
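The second and third comments describe deriving the `serverless` user's policy from its CloudTrail events and then pinning statements to resources whose ARN contains `openapi`. The script below is an added example, not code from the open-api project or its maintainers: it reads a constructed CloudTrail-format export, keeps only the named user's records, maps `eventSource`/`eventName` to IAM actions (stripping the dated version suffix that Lambda event names carry), and emits a draft policy whose `Resource` is the observed `openapi*` ARNs, falling back to `"*"` where the export recorded none. The event-name-to-action mapping is approximate and the sample records are constructed, so the output is a starting point for review rather than a finished policy.

```python
import json
import re
from collections import defaultdict

# Constructed sample in CloudTrail's "Records" format; not a real export.
SAMPLE_EVENTS = json.dumps({"Records": [
    {"eventSource": "cloudformation.amazonaws.com", "eventName": "CreateStack",
     "userIdentity": {"type": "IAMUser", "userName": "serverless"},
     "resources": [{"ARN": "arn:aws:cloudformation:us-east-1:123456789012:stack/openapi-dev/abc"}]},
    {"eventSource": "lambda.amazonaws.com", "eventName": "UpdateFunctionCode20150331v2",
     "userIdentity": {"type": "IAMUser", "userName": "serverless"},
     "resources": [{"ARN": "arn:aws:lambda:us-east-1:123456789012:function:openapi-dev-createUser"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "userName": "serverless"},
     "resources": [{"ARN": "arn:aws:s3:::openapi-dev-serverlessdeploymentbucket/x.zip"}]},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
     "userIdentity": {"type": "IAMUser", "userName": "serverless"}, "resources": []},
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "resources": []},
]})

# Lambda event names end in an API date (and optional vN), e.g. "CreateFunction20150331v2".
VERSION_SUFFIX = re.compile(r"\d{8}(v\d+)?$")


def draft_policy(cloudtrail_json, user_name, resource_marker):
    """Build a draft least-privilege policy from the actions one IAM user actually called."""
    by_service = defaultdict(lambda: {"actions": set(), "resources": set()})
    for rec in json.loads(cloudtrail_json)["Records"]:
        if rec.get("userIdentity", {}).get("userName") != user_name:
            continue  # only the user we are building the policy for
        service = rec["eventSource"].split(".")[0]
        action = VERSION_SUFFIX.sub("", rec["eventName"])
        entry = by_service[service]
        entry["actions"].add(f"{service}:{action}")
        for res in rec.get("resources", []):
            arn = res.get("ARN", "")
            if resource_marker in arn:  # keep only ARNs that belong to this deployment
                entry["resources"].add(arn)
    statements = []
    for service in sorted(by_service):
        entry = by_service[service]
        statements.append({
            "Effect": "Allow",
            "Action": sorted(entry["actions"]),
            # "*" only where CloudTrail logged no matching ARN; those need a manual look.
            "Resource": sorted(entry["resources"]) or "*",
        })
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    print(json.dumps(draft_policy(SAMPLE_EVENTS, "serverless", "openapi"), indent=2))
```

Observed object-level ARNs such as the S3 key above will usually be widened to a prefix pattern by hand before the policy is committed.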