-
Story
-
Resolution: Won't Do
-
Normal
-
None
-
None
Months ago work was done to document the minimum required permissions on AWS: https://docs.openshift.com/container-platform/4.5/installing/installing_aws/installing-aws-account.html
We need to regression test this configuration in CI.
Below you can see the policies in use with our CI account:
notsecret $ AWS_PROFILE=ci aws iam list-groups-for-user --user-name origin-ci-robot --output text
GROUPS arn:aws:iam::460538899914:group/RobotBuilders 2018-02-13T16:07:53Z AGPAJF25YZOW6F3SY4FYK RobotBuilders /
$ AWS_PROFILE=ci aws iam list-attached-group-policies --group-name RobotBuilders | jq -r '.AttachedPolicies[].PolicyName'
AmazonEC2FullAccess
IAMFullAccess
AmazonS3FullAccess
ELBServerCert
ResourceGroupsandTagEditorReadOnlyAccess
ResourceGroupsandTagEditorFullAccess
AmazonRoute53FullAccess
- is related to
-
SPLAT-1816 [aws][spike] Review the minimum permissions required by installer and components
-
- Closed
-
- links to
