A Credential Hierarchy for the 2nd Sight Lab Job Execution Framework | by Teri Radichel | Cloud Security | February 2024

ACM.456 Eliminate one of the biggest problems with AWS developer credentials: checking them into GitHub

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: AWS Security | Application Security | IAM

💻 Free content on Cybersecurity Jobs | ✉️ Sign up for the Broadcast list

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~

In the last article, I explained how to configure an EC2 instance in a sandbox so you can manually test and run 2nd Sight Job Execution Framework jobs using the run_local.sh script.

Now I want to review the roles and permissions required to test deploying job configurations and executing jobs.

A role with permission to create private job configurations

I explained how to create a job configuration in this article:

My templates offer certain features that require AWS permissions, such as looking up the current region or the account ID. If your template needs such things, the role that creates the private configuration will need those permissions, which should be limited to read-only calls that query the necessary information such as account ID, region, and resource IDs. Stack configurations may potentially need to assume roles in multiple accounts as well.
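As an added illustration (not code from the 2nd Sight framework or from this article), here is a constructed read-only policy for that configuration-building role, alongside a small check that flags write actions and wildcard sts:AssumeRole targets; the ConfigReader role name and the account IDs are placeholders.

```python
import copy

# Constructed least-privilege policy for the role that renders private job
# configurations: read-only lookups (account ID, region, resource IDs) plus
# sts:AssumeRole scoped to explicitly named roles in other accounts.
# Account IDs and the ConfigReader role name are placeholders.
PRIVATE_CONFIG_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # look up account ID, region and resource IDs, nothing more
            "Effect": "Allow",
            "Action": ["sts:GetCallerIdentity", "ec2:DescribeRegions",
                       "ec2:DescribeVpcs", "ec2:DescribeSubnets"],
            "Resource": "*",
        },
        {   # cross-account lookups: only the named roles, no wildcards
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": ["arn:aws:iam::111111111111:role/ConfigReader",
                         "arn:aws:iam::222222222222:role/ConfigReader"],
        },
    ],
}

# A too-permissive variant: adds a write action and an unscoped AssumeRole.
OVERLY_BROAD_POLICY = copy.deepcopy(PRIVATE_CONFIG_ROLE_POLICY)
OVERLY_BROAD_POLICY["Statement"][0]["Action"].append("ec2:RunInstances")
OVERLY_BROAD_POLICY["Statement"][1]["Resource"] = "*"

READ_ONLY_VERBS = ("Describe", "Get", "List")

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def policy_violations(policy):
    """Return reasons this policy exceeds a read-only config-building role."""
    violations = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            _service, _, verb = action.partition(":")
            if action == "sts:AssumeRole":
                # assuming roles is fine only when every target ARN is explicit
                for arn in resources:
                    if "*" in arn:
                        violations.append(f"sts:AssumeRole allowed on wildcard resource {arn}")
            elif verb == "*" or not verb.startswith(READ_ONLY_VERBS):
                # catches "*", "ec2:*" and any Create/Run/Put/Delete verb
                violations.append(f"{action} is not a read-only call")
    return violations
```

Run `policy_violations` against the policy you attach to the role before you let the job that builds configurations use it; an empty list means only read-only lookups and explicitly named cross-account roles are allowed.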

Additionally, you will want to store your private configurations in your own code repository. You will need a private repository, as explained in the article above, and credentials that allow checking code into that private repository.

A Role to deploy a Job…
