Skip to content

Existing vpc #30

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
crazyoyo wants to merge 17 commits into
base: main
Choose a base branch
from
Open

Existing vpc #30

crazyoyo wants to merge 17 commits into from

Conversation

@crazyoyo
Copy link
Collaborator

@crazyoyo crazyoyo commented Dec 9, 2025

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

crazyoyo and others added 17 commits November 11, 2025 21:55
@crazyoyo
new feature for existing-vpc deploy.
c1a04ba
@crazyoyo
new feature for existing-vpc deploy.
f829ed2
@crazyoyo
new feature for existing-vpc deploy.
85ef0e8
@crazyoyo
new feature for existing-vpc deploy.
ae53d0e
@crazyoyo
new feature for existing-vpc deploy.
28428f3
@crazyoyo
new feature for existing-vpc deploy.
4956aed
@crazyoyo
new feature for existing-vpc deploy.
7343624
@crazyoyo
new feature for existing-vpc deploy.
923d977
@linnjia-aws
feat: minimize bastion host IAM permissions in existing VPC template
7c40e1e 
- Replace PowerUserAccess and IAMFullAccess with specific minimal permissions
- Copy granular permissions from main template to existing VPC template
- Improve security by following principle of least privilege
- Maintain functionality while reducing attack surface
@linnjia-aws
minimize bastion host IAM permissions in existing VPC template
0653b4e
@linnjia-aws
Merge branch 'existing-vpc' of https://github.com/aws-samples/sample-…
95715b2 
…e2b-on-aws into existing-vpc
@crazyoyo
new feature for existing-vpc deploy.
832ed44
@linnjia-aws
Restrict IAM permissions with least privilege principle
87e6c74 
- Replace wildcard permissions with specific S3 actions
- Limit Secrets Manager to required operations only
- Restrict IAM AttachRolePolicy to whitelisted AWS managed policies
- Add condition to prevent privilege escalation via PassRole
- Add missing S3 bucket configuration permissions (ACL, CORS, Lifecycle, etc.)
- Add S3 object tagging permissions
@crazyoyo
Merge branch 'existing-vpc' of https://github.com/aws-samples/sample-…
efbd1f5 
…e2b-on-aws into existing-vpc
@crazyoyo
refactor.
be2fd9b
@crazyoyo
refactor.
ec2da8e
@crazyoyo
refactor.
2568c02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@crazyoyo @linnjia-aws