-
Feature Request
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
-
None
What is the nature and description of the request?
- Introduce the ability for the Cloud Credential Operator (CCO) to automatically apply a configurable IAM permission boundary when creating new cloud credentials via CredentialRequests.
- This enhancement would allow administrators to define a permission boundary policy that is consistently attached to all newly provisioned IAM roles/users generated by CCO.
Why does the customer need this? (List the business requirements here)
- Security governance enforcement: Organizations must ensure all cloud IAM entities operate within centrally approved permission limits.
- Compliance requirements: Many regulated environments require permission boundaries to prevent privilege escalation and enforce least-privilege access models.
- Operational risk reduction: Prevents accidental creation of overly permissive IAM roles by cluster components.
- Audit and policy control: Simplifies auditing by guaranteeing all CCO-managed identities adhere to organization security policies.
List any affected packages or components.
- Cloud Credential Operator (CCO)
- CredentialRequest API and controllers
- Cloud provider IAM integration
