Bug #12
open
[SEC] codepipeline policy modification
Start date:
Due date:
% Done:
0%
Estimated time:
(Total: 0:00 h)
Description
The policy for create_ami and deliver_ami should be modified so that it does not allow all of S3.
data "aws_iam_policy_document" "codepipeline_policy" {
  statement {
    actions = [
      "s3:*",
      "codecommit:*",
      "codebuild:BatchGetBuilds",
      "codebuild:StartBuild"
    ]
    resources = [
      "*",
    ]
  }
}
Updated by UserName LastName 10 months ago
- Status changed from New to In Progress
Updated by UserName LastName 10 months ago · Edited
Information:
Bucket name for create_ami = bu-4-create-ami; allowed actions:
s3:GetObject, s3:PutObject, s3:ListBucket
Updated by UserName LastName 10 months ago
What is the exact name of the S3 bucket(s) used by the deliver_ami pipeline? mon-bucket
What are the minimum S3 actions required for this bucket (or these buckets): s3:GetObject, s3:PutObject, s3:ListBucket
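
A scoped version of the policy document built from the bucket names and actions given in the comments above. This is an added example, not the project's own code. It assumes one policy document per pipeline (via `for_each`), the standard `aws` partition, and the hypothetical names `pipeline_buckets` and the `sid` values; the CodeCommit and CodeBuild statement is carried over unchanged because the ticket only covers S3.

```hcl
locals {
  # Bucket names as stated in the ticket comments.
  # The map name "pipeline_buckets" is an assumption for this example.
  pipeline_buckets = {
    create_ami  = "bu-4-create-ami"
    deliver_ami = "mon-bucket"
  }
}

# One policy document per pipeline, each limited to that pipeline's bucket.
# Reference as data.aws_iam_policy_document.codepipeline_policy["create_ami"].json
data "aws_iam_policy_document" "codepipeline_policy" {
  for_each = local.pipeline_buckets

  # Object-level actions must target object ARNs (bucket/*).
  statement {
    sid       = "ArtifactObjects"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::${each.value}/*"]
  }

  # s3:ListBucket is a bucket-level action and must target the bucket ARN
  # itself; attaching it to bucket/* silently grants nothing.
  statement {
    sid       = "ArtifactBucketList"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${each.value}"]
  }

  # Carried over unchanged from the original policy: the ticket only asks
  # for the S3 grant to be narrowed.
  statement {
    sid = "SourceAndBuild"
    actions = [
      "codecommit:*",
      "codebuild:BatchGetBuilds",
      "codebuild:StartBuild",
    ]
    resources = ["*"]
  }
}
```

Running `terraform plan` after the change shows the rendered JSON diff, which makes it easy to confirm that `s3:*` on `*` is gone from both pipeline roles.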