Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent creating the login credential for IAM bot account #254

Closed
longnd opened this issue Nov 8, 2023 · 0 comments · Fixed by #266
Closed

Prevent creating the login credential for IAM bot account #254

longnd opened this issue Nov 8, 2023 · 0 comments · Fixed by #266
Assignees
@Nihisil
Labels
type : feature New feature or request

Comments

@longnd
Copy link
Contributor

longnd commented Nov 8, 2023

Why

An IAM service/bot account is created as part of the IAM module. It will be used to provision the changes to the AWS infrastructure, e.g. through Terraform.
Currently the bot account is created with login credential

infrastructure-templates/src/generators/addons/aws/modules/core/iamUserAndGroup.ts

Lines 88 to 91 in 12ebedf

output "iam_bot_temporary_passwords" {
description = "List of first time passwords for bot accounts. Must be changed at first time login and will no longer be valid."
value = module.iam_bot_users.temporary_passwords
}`;

It is unnecessary and exposes more risk. We should limit the creation of the account without console access (no login credential)

Who Benefits?

Any project that is generated based on this infra-template.
@longnd longnd added the type : feature New feature or request label Nov 8, 2023
@Nihisil Nihisil self-assigned this Dec 1, 2023
Nihisil added a commit that referenced this issue Dec 1, 2023
@Nihisil
[#254] Prevent creating the login credential for IAM bot account
99a74de
@Nihisil Nihisil mentioned this issue Dec 1, 2023
Merged
hoangmirs added a commit that referenced this issue Dec 1, 2023
@hoangmirs
Merge pull request #266 from nimblehq/feature/gh-254-remove-login-cre…
a3c3ac6 
…dentials-from-bot-account

[#254] Prevent creating the login credential for IAM bot account
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Nihisil Nihisil

Labels
type : feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[#254] Prevent creating the login credential for IAM bot account nimblehq/infrastructure-templates
2 participants
@Nihisil @longnd