Restrict ClusterRole to readonly IAMIdentityMapping access
In the spirit of least privilege security, we shouldn't give write access to the custom resources since it is not needed.
rifelpet committed Jan 28, 2020
1 parent 7547c74 commit 48a560e
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions deploy/example.yaml
Expand Up @@ -27,9 +27,18 @@ rules:
- apiGroups:
- iamauthenticator.k8s.aws
resources:
- "*"
- iamidentitymappings
verbs:
- "*"
- get
- list
- watch
- apiGroups:
- iamauthenticator.k8s.aws
resources:
- iamidentitymappings/status
verbs:
- patch
- update
- apiGroups:
- ""
resources:
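Review bot: the second new rule still grants patch and update on iamidentitymappings/status, while the commit message says write access to the custom resources is not needed, so the manifest and the message disagree on what "readonly" covers. Add a YAML comment above that rule saying which component writes the status subresource and why, so the remaining write verbs read as deliberate. If only one of patch or update is actually used, drop the other. Narrowing the first rule from resources "*" and verbs "*" to iamidentitymappings with get, list and watch is the right scope for read access.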