You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
iam:CreateServiceLinkedRole was added in #205 and is a fairly major permission to grant to AutoSpotting. In reality, I think it only needs to create the AWSServiceRoleForEC2Spot service-linked role. Thus, its permissions could be limited to that specific resource.
Github issue
Issue type
Build number
master
Summary
iam:CreateServiceLinkedRole
was added in #205 and is a fairly major permission to grant to AutoSpotting. In reality, I think it only needs to create theAWSServiceRoleForEC2Spot
service-linked role. Thus, its permissions could be limited to that specific resource.See https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html.
Steps to reproduce
Deploy
Expected results
AutoSpotting only has permission to create the service-linked role it needs.
Actual results
AutoSpotting has permission to create any service-linked role.
The text was updated successfully, but these errors were encountered: