You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Lambda IAM Roles created by RDK has sts:AssumeRole wildcard permissions, and should be either removed entirely or scoped down significantly. There are some cross-account implications where a Lambda may need to assume another role, but for the most part it is too permissive.
For examples of this, see the configRule.yaml, configRuleOrganization.yaml, and data.tf files within the templates folder.
The text was updated successfully, but these errors were encountered:
Migrating TODOs to Issues.
Lambda IAM Roles created by RDK has sts:AssumeRole wildcard permissions, and should be either removed entirely or scoped down significantly. There are some cross-account implications where a Lambda may need to assume another role, but for the most part it is too permissive.
For examples of this, see the configRule.yaml, configRuleOrganization.yaml, and data.tf files within the templates folder.
The text was updated successfully, but these errors were encountered: