Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: discourage AdministratorAccess policy #12196

Merged
merged 4 commits into from
Dec 23, 2020
Merged

chore: discourage AdministratorAccess policy #12196

merged 4 commits into from
Dec 23, 2020

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Dec 22, 2020

Even though we can't actually suggest any particular policy to use
other than AdministratorAccess, we've been requested to make it
very clear that developers shouldn't be using AdministratorAccess
without thinking (after an engagement in which an organization's
CCoE was displeased with individual developer teams copy/pasting
example bootstrapping commands from our developer guides).

Add a note to tell developers to check with their organization's CCoE
before using AdministratorAccess.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
chore: discourage AdministratorAccess policy
115ac81 
Even though we can't actually suggest any particular policy to use
other than `AdministratorAccess`, we've been requested to make it
very clear that developers shouldn't be using `AdministratorAccess`
without thinking (after an engagement in which an organization's
CCoE was displeased with individual developer teams copy/pasting
example bootstrapping commands from our developer guides).

Add a note to tell developers to check with their organization's CCoE
before using `AdministratorAccess`.
@rix0rrr rix0rrr requested a review from a team December 22, 2020 13:15
@rix0rrr rix0rrr self-assigned this Dec 22, 2020
@gitpod-io
Copy link

gitpod-io bot commented Dec 22, 2020
edited
Loading

@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Dec 22, 2020
@iliapolo iliapolo added the pr/do-not-merge This PR should not be merged at this time. label Dec 22, 2020
iliapolo
iliapolo reviewed Dec 22, 2020
View reviewed changes
packages/@aws-cdk/pipelines/README.md Outdated
Comment on lines 653 to 656
> to your account, and can potentially make changes that affect your security posture.
> Its use requires complete trust in the code and dependencies that make up your CDK app.
> Check with the appropriate department within your organization to decide on the
> proper policy to use.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trying to make it a little less threatening, take it leave it...

Suggested change
> to your account, and can potentially make changes that affect your security posture.
> Its use requires complete trust in the code and dependencies that make up your CDK app.
> Check with the appropriate department within your organization to decide on the
> proper policy to use.
> to your account. Make sure you trust all the code and dependencies that make up your CDK app..
> We recommend to check with the appropriate department within your organization to decide on the
> proper policy to use.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair

@rix0rrr rix0rrr removed the pr/do-not-merge This PR should not be merged at this time. label Dec 23, 2020
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: d4219e7
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Dec 23, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 336788d into master Dec 23, 2020
@mergify mergify bot deleted the huijbers/discourage-admin-polikcy branch December 23, 2020 10:28
flochaz pushed a commit to flochaz/aws-cdk that referenced this pull request Jan 5, 2021
@rix0rrr @flochaz
chore: discourage AdministratorAccess policy (aws#12196)
6216ff7 
Even though we can't actually suggest any particular policy to use
other than `AdministratorAccess`, we've been requested to make it
very clear that developers shouldn't be using `AdministratorAccess`
without thinking (after an engagement in which an organization's
CCoE was displeased with individual developer teams copy/pasting
example bootstrapping commands from our developer guides).

Add a note to tell developers to check with their organization's CCoE
before using `AdministratorAccess`.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iliapolo iliapolo iliapolo approved these changes

Assignees

@rix0rrr rix0rrr

Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rix0rrr @aws-cdk-automation @iliapolo