1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hi,
Yes, this is the expected behavior and important point to note is this would only be used by codepipeline service as it's codepipeline service role. However you can create your own codepipeline service role following least privilege model and use it while creating pipeline but make sure that it has all the required permissions to deploy/provision resources.
Referece:
Hope this helps.
Comment here if you have additional questions, happy to help.
Abhishek
Contenus pertinents
- demandé il y a un an
- demandé il y a 8 mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
Yes, you can reduce to least privilege as suggested but it is dependent on what the stages of your pipeline do: you'll have to grant privileges for each of the AWS service that you use in this pipeline, either directly or indirectly. So, start with no privilege and cycle until the last "Authorization Denied" disappear. You can also use CloudTrail to track the various service calls done by your Pipeline: you'll be more efficient.
Do you have any additional questions?