(bootstrap): Use Bootstrap w/o creating AWS IAM Roles #26610

Open
2 tasks
collin-miller opened this issue Aug 2, 2023 · 0 comments
Labels
effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 package/tools Related to AWS CDK Tools or CLI

Comments

@collin-miller

Describe the feature

I would like to be able to use the AWS CDK but don't want to use a Stack Role to do the deployments (otherwise using iam:PassRole when creating a CloudFormation stack during bootstrap). This is a privilege escalation pathway for humans and deployment roles who have update stack permissions.

Use Case

I would like to either avoid bootstrapping an account or get the account to bootstrap without IAM resources/permissions.

Proposed Solution

Make it easy to use only the permissions assumed by the principal executing cdk deploy...

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.89.0 (build 2ad6683)

Environment details (OS name and version, etc.)

macOS

@collin-miller collin-miller added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 2, 2023
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Aug 2, 2023
@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Aug 3, 2023
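
An audit sketch for the concern raised in the issue, added here as an example (it is not part of the original issue or of the CDK project's code): it flags `Allow` statements in an IAM policy document that grant `iam:PassRole` or `cloudformation:UpdateStack`, the two permissions the issue names. The policy, account ID and role name are constructed; `Condition`, `NotAction` and explicit `Deny` are not evaluated.

```python
import fnmatch

# Actions named in the issue: passing a role to CloudFormation, and updating
# a stack (which may already have a stack role attached).
WATCHED = ("iam:PassRole", "cloudformation:UpdateStack")


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_stack_role_paths(policy):
    """Return (sid, action, resources) for every Allow statement that grants
    a watched action. Simplification (assumption of this example): Condition,
    NotAction and explicit Deny statements are ignored, so treat results as
    candidates for review, not as an effective-permissions verdict."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action"))
        for action in WATCHED:
            if any(_matches(p, action) for p in patterns):
                sid = stmt.get("Sid", f"statement[{i}]")
                findings.append((sid, action, _as_list(stmt.get("Resource"))))
    return findings


# Constructed sample policy for a hypothetical deployment principal.
DEPLOYER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOnly", "Effect": "Allow",
         "Action": "cloudformation:Describe*", "Resource": "*"},
        {"Sid": "StackOps", "Effect": "Allow", "Action": ["cloudformation:*Stack"],
         "Resource": "arn:aws:cloudformation:*:111122223333:stack/app-*/*"},
        {"Sid": "Pass", "Effect": "Allow", "Action": "iam:passrole",
         "Resource": "arn:aws:iam::111122223333:role/example-stack-role"},
    ],
}

if __name__ == "__main__":
    for sid, action, resources in find_stack_role_paths(DEPLOYER_POLICY):
        print(f"{sid}: grants {action} on {resources}")
```
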