I've played a bit with adding a self-updating capability to the stack, e.g. to check if there are updates to the stack.yml and add these features. Technically it's simple to add this, but the problem at this time is that it's an IAM nightmare. I don't want the Lambda function to essentially have IAM:* as I want to prevent the possibility that the stack might get itself AdministratorAccess. This becomes an issue when we need to be able to add functionality (e.g. get this EC2 configuration requires ec2:SomeThing) where the lambdaexecutionrole needs to be able to update itself.
Perhaps permission boundaries can be sufficient, e.g. we will not allow any iam: policies. Something for the summer.
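One way a self-updater could check a proposed execution-role policy for anything that can grant `iam:` actions before applying it, as an added example that is not code from this repository. The function names and the sample policy are constructed for illustration, and the check is a pre-apply guard alongside a permissions boundary, not a substitute for one.

```python
IAM_PREFIX = "iam:"

def can_match_iam(pattern):
    """True if an action glob (* and ?, case-insensitive) can match some iam: action.

    Conservative: wildcards in the service prefix are treated as matchable.
    """
    i = 0
    for ch in pattern.lower():
        if i == len(IAM_PREFIX) or ch == "*":
            return True          # prefix consumed, or '*' can absorb the rest of it
        if ch != "?" and ch != IAM_PREFIX[i]:
            return False         # literal character diverges from "iam:"
        i += 1
    return i == len(IAM_PREFIX)

def as_list(value):
    """IAM allows a single string or dict where a list is also accepted."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def iam_grants(policy):
    """Return (statement index, offending pattern) for every Allow that can reach iam:."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue             # Deny statements cannot grant anything
        for pattern in as_list(stmt.get("Action")):
            if can_match_iam(pattern):
                findings.append((idx, pattern))
        if "NotAction" in stmt:
            # Allow + NotAction grants everything not listed, so iam: is only
            # excluded when the list covers the whole service.
            excluded = {p.lower() for p in as_list(stmt["NotAction"])}
            if not excluded & {"*", "iam:*"}:
                findings.append((idx, "NotAction"))
    return findings

def safe_to_apply(policy):
    return not iam_grants(policy)

# Constructed sample: a proposed update to the execution role's policy.
PROPOSED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "logs:PutLogEvents"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "IAM:Attach*"], "Resource": "*"},
    {"Effect": "Allow", "NotAction": ["s3:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
]}

if __name__ == "__main__":
    print(iam_grants(PROPOSED))
```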