You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The existing deployment(s) of the SMTP brokerpak mentioned in #2988 were designed for use by single customers who run the Cloud Service Broker as a Supplemental Service Broker, brokering services to one organization only. Our CSB deployment will be available to all customers, so we must make sure the provisioning & binding code creates resources scoped to the tenant that created them.
Acceptance Criteria:
Validate that binding credentials have access to only one SES identity and document the reasoning or results
The text was updated successfully, but these errors were encountered:
Per AWS, a user cannot send to an identity without an IAM policy or Sending Authorization Policy that allows it. The brokerpak implements this with an IAM policy, which includes a Resource constraint with the ARN of their identity and configuration set. This prevents cross-identity, and therefore cross-tenant, access.
The existing deployment(s) of the SMTP brokerpak mentioned in #2988 were designed for use by single customers who run the Cloud Service Broker as a Supplemental Service Broker, brokering services to one organization only. Our CSB deployment will be available to all customers, so we must make sure the provisioning & binding code creates resources scoped to the tenant that created them.
Acceptance Criteria:
The text was updated successfully, but these errors were encountered: