Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(RAIN-94239): Rm modify terraform to add a policy #127

Merged
merged 10 commits into from
Jan 30, 2025
Merged

feat(RAIN-94239): Rm modify terraform to add a policy #127

merged 10 commits into from
Jan 30, 2025

Conversation

LMAX-iwnf
Copy link
Contributor

@LMAX-iwnf LMAX-iwnf commented Jan 22, 2025
edited
Loading

Summary

AWS iam policy can only have up to 6144 chars. We need another policy to maintain the new services' permissions.
Modified terraform to have 2 policies created and attach to the same role.
Added permission for FIS, codeartifact.
Added tag call permission for SES, backup and AMP
Adding permission for compute-optimizer, and kinesisvideos

How did you test this change?

Tested in DEV integration.
https://docs.google.com/document/d/1rkfXAQUaA32_IShki6mTmf2aZF4HRiMSGX6_-I4pf8w/[email protected]&sharingaction=manageaccess&role=writer&tab=t.0

Issue

https://lacework.atlassian.net/browse/RAIN-94239

@LMAX-iwnf
Adding a new policy to avoid iam policy char limit
e129ca1 
Adding permission for FIS and codeartifact
Adding tag call permissions for ses,backup,amp
@LMAX-iwnf
Fix bug
97053b5
@LMAX-iwnf
remove empty line
705fcde
ryannicholson
ryannicholson reviewed Jan 22, 2025
View reviewed changes
main.tf Outdated Show resolved Hide resolved
@LMAX-iwnf
Added comments to the code to explain why we need another policy
3578f3d 
Added explanation to the README file as well
@LMAX-iwnf
Add terraform doc
e2cc253
@LMAX-iwnf
Adding permission for kinesis video
46fe02d 
Adding permission for compute optimizer
ashwinjaylacework
ashwinjaylacework reviewed Jan 23, 2025
View reviewed changes
main.tf Outdated Show resolved Hide resolved
@lacework-code-security Lacework Code Security
Copy link

(Audit Mode) Lacework IAC found 7 new violations
Violation Severity File Guidelines
Ensure IAM policies do not allow administrative privileges Critical main.tf VIEW
Ensure IAM policies do not allow administrative privileges Critical main.tf VIEW
Ensure IAM policies do not allow administrative privileges Critical main.tf VIEW
Ensure IAM policies do not allow administrative privileges Critical main.tf VIEW
Ensure IAM policies do not allow administrative privileges Critical main.tf VIEW
Ensure IAM policies do not allow administrative privileges Critical main.tf VIEW
Ensure IAM policies do not allow administrative privileges Critical main.tf VIEW

jjzhangjjzhang
jjzhangjjzhang approved these changes Jan 30, 2025
View reviewed changes
Copy link
Contributor

@jjzhangjjzhang jjzhangjjzhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look good to me

@LMAX-iwnf LMAX-iwnf merged commit 664dfaa into main Jan 30, 2025
11 checks passed
@LMAX-iwnf LMAX-iwnf deleted the rm_modify_terraform_to_add_a_policy branch January 30, 2025 22:48
@lacework-releng lacework-releng mentioned this pull request Jan 31, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashwinjaylacework ashwinjaylacework ashwinjaylacework left review comments

@ryannicholson ryannicholson ryannicholson left review comments

@leijin-lw leijin-lw leijin-lw approved these changes

@jjzhangjjzhang jjzhangjjzhang jjzhangjjzhang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@LMAX-iwnf @ryannicholson @jjzhangjjzhang @ashwinjaylacework @leijin-lw