Comments (3)
I will change that. Thanks for the detailed issue.
from jx3-terraform-eks.
So, all of those roles which have wide access also have an option where you can use your own role (https://github.com/jenkins-x/terraform-aws-eks-jx/blob/master/variables.tf#L478) and customize it as much as you want (it's what I also do at work).
So the tekton role will be used in the pipeline, and it's not possible for us to know ahead of time what kind of things the end users will be doing with the jx pipelines (they may have tasks where they want to create a bucket, run some tests with it, and then delete it). I think that was the motivation behind some of these being wide open.
For security/production purposes, I would highly recommend managing the IAM roles outside of this module by setting `create_tekton_role` to false (in case of tekton, similar for other roles). Does this help? Also this applies only for tekton, I have to look into the other roles.
EDIT: Having said that, this does not make sense to me: https://github.com/jenkins-x/terraform-aws-eks-jx/blob/master/modules/cluster/irsa.tf#L232, and I will open a PR to fix it.
from jx3-terraform-eks.
@ankitm123 I appreciate your opinion. Given this, I would suggest allowing the user to choose the name of the policy for this S3 access, whether you create one or use another (like vpc_id in the variable.tf file, or cluster_name, or other selectable options), and by default, if you don't set it, the process uses iam::aws:policy/AmazonS3FullAccess
What do you think?
from jx3-terraform-eks.
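A check related to the thread above, added here as an example and not code from the module or its maintainers: it scans `terraform show -json` plan output for role attachments of broad AWS-managed policies such as the `AmazonS3FullAccess` default discussed. The sample plan, resource addresses, role names and the suffix list are constructed assumptions, and only `aws_iam_role_policy_attachment` resources are covered.

```python
import json

# Assumption: name suffixes treated as "broad" for AWS-managed policies.
BROAD_SUFFIXES = ("FullAccess", "AdministratorAccess", "PowerUserAccess")

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# addresses, role names and the account id are made up for illustration.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.example.aws_iam_role_policy_attachment.tekton_s3",
         "type": "aws_iam_role_policy_attachment",
         "change": {"actions": ["create"], "after": {
             "role": "example-tekton-bot",
             "policy_arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}}},
        {"address": "aws_iam_role_policy_attachment.scoped",
         "type": "aws_iam_role_policy_attachment",
         "change": {"actions": ["create"], "after": {
             "role": "example-tekton-bot",
             "policy_arn": "arn:aws:iam::111122223333:policy/example-one-bucket"}}},
        {"address": "aws_iam_role_policy_attachment.old",
         "type": "aws_iam_role_policy_attachment",
         "change": {"actions": ["delete"], "after": None}},
    ]
})


def broad_attachments(plan_json):
    """Return (address, role, policy_arn) for planned broad managed-policy attachments."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_iam_role_policy_attachment":
            continue
        after = (rc.get("change") or {}).get("after")
        if not after:  # resource is being deleted, nothing will be attached
            continue
        arn = after.get("policy_arn") or ""  # None when unknown until apply
        # AWS-managed policies use "aws" as the account field:
        # arn:<partition>:iam::aws:policy/<name>
        parts = arn.split(":", 5)
        if len(parts) == 6 and parts[4] == "aws" and parts[5].endswith(BROAD_SUFFIXES):
            findings.append((rc["address"], after.get("role"), arn))
    return findings


if __name__ == "__main__":
    for address, role, arn in broad_attachments(SAMPLE_PLAN):
        print(f"{address}: role {role} gets {arn}")
```

Run in CI against a real plan, a non-empty result can fail the build until the role is supplied from outside the module with a scoped policy.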