Merge pull request #30 from loft-sh/fix/aws_permission_hardening

fix(security): make stricter rules for AWS instance profile
loft-sh · May 7, 2024 · 0c18812 · 0c18812
2 parents 06d6bfd + 963d24e
commit 0c18812
Showing 1 changed file with 0 additions and 4 deletions.
diff --git a/pkg/aws/aws.go b/pkg/aws/aws.go
@@ -232,7 +232,6 @@ func GetAMIRootDevice(ctx context.Context, cfg aws.Config, diskImage string) (st
 		},
 	}
 	result, err := svc.DescribeImages(ctx, input)
-
 	if err != nil {
 		return "", err
 	}
@@ -295,10 +294,7 @@ func CreateDevpodInstanceProfile(ctx context.Context, provider *AwsProvider) (st
             "Sid": "VisualEditor0",
             "Effect": "Allow",
             "Action": [
-                "ec2:DescribeInstances",
                 "ec2:StopInstances",
-                "ec2:DescribeInstanceStatus",
-				"ec2:DescribeInstanceConnectEndpoints"
             ],
             "Resource": "*"
         }