1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hi,
Yes, this is the expected behavior and important point to note is this would only be used by codepipeline service as it's codepipeline service role. However you can create your own codepipeline service role following least privilege model and use it while creating pipeline but make sure that it has all the required permissions to deploy/provision resources.
Referece:
Hope this helps.
Comment here if you have additional questions, happy to help.
Abhishek
관련 콘텐츠
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 일 년 전
- AWS 공식업데이트됨 2년 전
Yes, you can reduce to least privilege as suggested but it is dependent on what the stages of your pipeline do: you'll have to grant privileges for each of the AWS service that you use in this pipeline, either directly or indirectly. So, start with no privilege and cycle until the last "Authorization Denied" disappear. You can also use CloudTrail to track the various service calls done by your Pipeline: you'll be more efficient.
Do you have any additional questions?