(bootstrapping): (CDKv2 default IAM role assigned with Admin permissions) #21978
srk-coderepo started this conversation in General
Replies: 1 comment
@srk-coderepo I'm not sure I understand what the ask is here. Are you just looking for an explanation? The default is |
-
Describe the feature
CDKv2 includes some changes to the bootstrapping requirements and resources. It also implements a new default IAM behavior when compared to v1. The details are available at https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html. In a nutshell, the default behavior of CDKv2 is to use a single IAM role assigned with Admin permissions for all deployments. This is not a desirable configuration for us as this may prevent them from implementing a least privilege model.
CDKv2 allows for customized bootstrapping, but we need to understand more about why the behavior was changed from V1 to V2 regarding bootstrapping and why we introduced a default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'.
Use Case
Having the default role 'AdministratorAccess' does not comply with other best practices such as least privilege or need-by-need access permissions.
Proposed Solution
No response
Other Information
No response
Acknowledgements
CDK version used
CDKv2
Environment details (OS name and version, etc.)
Linux
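An added example, not part of the original discussion or of the CDK project's code: a small audit that flags bootstrap execution roles still carrying the `AdministratorAccess` policy named in the post and builds the `cdk bootstrap --cloudformation-execution-policies` command for customized bootstrapping. It assumes the role naming `cdk-<qualifier>-cfn-exec-role-<account>-<region>`, input shaped like `aws iam list-attached-role-policies` output, and a hypothetical scoped policy named `CdkDeployScoped`; the account ID and sample data are constructed.

```python
import json
import re

# Assumption: execution roles follow cdk-<qualifier>-cfn-exec-role-<account>-<region>.
EXEC_ROLE_RE = re.compile(
    r"^cdk-(?P<qualifier>[a-z0-9]+)-cfn-exec-role-(?P<account>\d{12})-(?P<region>[a-z0-9-]+)$")
# AdministratorAccess in any partition (aws, aws-cn, aws-us-gov).
ADMIN_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::aws:policy/AdministratorAccess$")

def audit_exec_role(role_name, attached_json):
    """Return a finding for a CDK execution role, or None for any other role."""
    m = EXEC_ROLE_RE.match(role_name)
    if not m:
        return None
    arns = [p["PolicyArn"] for p in json.loads(attached_json).get("AttachedPolicies", [])]
    return {"role": role_name, "qualifier": m["qualifier"], "account": m["account"],
            "region": m["region"], "policies": arns,
            "admin": any(ADMIN_ARN_RE.match(a) for a in arns)}

def audit_all(roles):
    """Keep only execution roles that still have AdministratorAccess attached."""
    findings = (audit_exec_role(name, doc) for name, doc in roles.items())
    return [f for f in findings if f and f["admin"]]

def remediation(finding, policy_arn):
    """Re-bootstrap command that swaps in a scoped managed policy.
    Add --toolkit-stack-name if the bootstrap stack does not use the default name."""
    return ("cdk bootstrap aws://{account}/{region} --qualifier {qualifier} "
            "--cloudformation-execution-policies {arn}").format(arn=policy_arn, **finding)

# Constructed sample input, keyed by role name.
SAMPLE = {
    "cdk-hnb659fds-cfn-exec-role-111122223333-us-east-1":
        '{"AttachedPolicies":[{"PolicyName":"AdministratorAccess",'
        '"PolicyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}]}',
    "cdk-hnb659fds-cfn-exec-role-111122223333-eu-west-1":
        '{"AttachedPolicies":[{"PolicyName":"CdkDeployScoped",'
        '"PolicyArn":"arn:aws:iam::111122223333:policy/CdkDeployScoped"}]}',
    "app-runtime-role": '{"AttachedPolicies":[]}',
}

if __name__ == "__main__":
    scoped = "arn:aws:iam::111122223333:policy/CdkDeployScoped"  # hypothetical policy
    for finding in audit_all(SAMPLE):
        print("over-privileged:", finding["role"])
        print("  fix:", remediation(finding, scoped))
```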