Add permission boundaries to IAM roles in CloudFormation templates generated by Hamlet #6
stevejohn-ha started this conversation in General
Hi folks,
I wonder if I could get some advice on a small issue that I'm experiencing with a Hamlet project.
Our organisation has imposed a policy restriction which prevents us from provisioning IAM roles which do not have a permission boundary.
A set of allowed permission boundaries has been defined for the organisation, and the policy requires that one of these permission boundaries is configured into every IAM role AT THE TIME that it is provisioned (the permission boundary cannot be added later).
It seems that the various Hamlet modules that provision IAM roles into CloudFormation templates do not currently configure permission boundaries, nor do they expose configuration parameters that would be necessary to add this to the generated CF templates.
So what I'm wondering is - is it possible to use a FreeMarker extension to add this configuration to our solution definitions?
I'm rather unfamiliar with what Hamlet solution extensions can and cannot do, or how the syntax could be defined to help here - any advice would be greatly appreciated!
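A pre-deployment check for the policy described in the post above, as an added example that is not part of the original post and not Hamlet code: it scans a CloudFormation template for `AWS::IAM::Role` resources whose `PermissionsBoundary` is missing, not on the allow-list, or given as an intrinsic function that cannot be verified statically. It assumes the template is JSON; the allow-list ARN, the function name and the sample template are constructed for illustration.

```python
import json

# Constructed allow-list: the organisation's real boundary ARNs are not in the post.
ALLOWED_BOUNDARIES = {"arn:aws:iam::111111111111:policy/example-boundary"}

# Constructed sample template (not real Hamlet output).
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "goodRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {},
            "PermissionsBoundary": "arn:aws:iam::111111111111:policy/example-boundary"}},
        "missingRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {}}},
        "wrongRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {},
            "PermissionsBoundary": "arn:aws:iam::111111111111:policy/other"}},
        "paramRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {},
            "PermissionsBoundary": {"Ref": "BoundaryArn"}}},
        "bucket": {"Type": "AWS::S3::Bucket"},
    }
})


def check_role_boundaries(template_text, allowed=ALLOWED_BOUNDARIES):
    """Return {logical_id: finding} for each IAM role that would violate the policy."""
    findings = {}
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, resource in resources.items():
        if resource.get("Type") != "AWS::IAM::Role":
            continue  # only roles are covered by the policy in the post
        boundary = (resource.get("Properties") or {}).get("PermissionsBoundary")
        if boundary is None:
            findings[logical_id] = "missing"
        elif not isinstance(boundary, str):
            # Ref / Fn::Sub etc.: the value is only known at deploy time
            findings[logical_id] = "unresolved"
        elif boundary not in allowed:
            findings[logical_id] = "not-allowed"
    return findings


if __name__ == "__main__":
    for logical_id, finding in sorted(check_role_boundaries(SAMPLE_TEMPLATE).items()):
        print(f"{logical_id}: {finding}")
```

Run against each generated template before deployment; an `unresolved` finding means the parameter value supplied at deploy time still has to be checked against the allow-list.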