Data Management / DM-7251

restrict AWS IAM credentials to active regions only

    Details

    • Type: Story
    • Status: Won't Fix
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: Continuous Integration
    • Labels: None

      Description

      AWS does not provide a mechanism to restrict IAM accounts on a per-region basis. However, it is possible to add "conditionals" to most API endpoints to restrict the region. It will be fairly tedious to determine all endpoints which may be restricted in this manner.

      See: https://serverfault.com/questions/589150/is-it-possible-to-restrict-aws-users-accounts-to-a-specific-region
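
One way to find which policy statements still lack a region restriction, as an added example that is not part of the original ticket or the project's code. It assumes policies are available as JSON documents and checks only the `aws:RequestedRegion` and `ec2:Region` condition keys; the sample policy and the function names are constructed for illustration.

```python
import json

# Condition keys that carry the request's region (key names are case-insensitive).
REGION_KEYS = {"aws:requestedregion", "ec2:region"}
# Only plain positive string operators count as a restriction; anything else
# (IfExists variants, negated operators) is reported for manual review.
PINNING_OPS = {"StringEquals", "StringLike"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def pinned_regions(stmt):
    """Return the set of regions a statement is limited to, or None."""
    for op, keys in stmt.get("Condition", {}).items():
        if op not in PINNING_OPS:
            continue
        for key, value in keys.items():
            if key.lower() in REGION_KEYS:
                return set(as_list(value))
    return None

def unrestricted_statements(policy, active_regions):
    """List (index, reason) for Allow statements not limited to active_regions."""
    active, findings = set(active_regions), []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        regions = pinned_regions(stmt)
        if regions is None:
            findings.append((i, "no region condition"))
        elif not regions <= active:
            findings.append((i, "allows " + ", ".join(sorted(regions - active))))
    return findings

# Constructed sample policy, not taken from the ticket.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*",
   "Condition": {"StringEquals": {"ec2:Region": "us-west-2"}}},
  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*",
   "Condition": {"StringEquals": {"aws:RequestedRegion": ["us-west-2", "eu-west-1"]}}},
  {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}
]}
""")

if __name__ == "__main__":
    for index, reason in unrestricted_statements(SAMPLE_POLICY, ["us-west-2"]):
        print(f"Statement[{index}]: {reason}")
```
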

          Activity

          jhoblitt Joshua Hoblitt added a comment -

          I'm giving up on this as it would require touching every IAM policy (current+future).


            People

            • Assignee: jhoblitt Joshua Hoblitt
            • Reporter: jhoblitt Joshua Hoblitt
            • Watchers: Frossie Economou, Joshua Hoblitt
            • Votes: 0
