Request
Details
I stumbled upon this piece of code https://github.com/stelligent/cloudformation_templates/blob/master/labs/codebuild/codebuild.yml#L194 while searching for a reference on how to create a proper CodeBuild service role. Giving a role arn:aws:iam::aws:policy/AdministratorAccess is a terrible security practice, even for example code. A malicious pull request could alter the buildspec.yml and access the whole AWS account.
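
A scoped alternative to the role described in the issue, as an added example that is not code from the linked repository or from the issue author. `ProjectName` and `ArtifactBucket` are hypothetical parameters, and the commented-out attachment shows an assumed shape of the weak setting for comparison.

```yaml
# Added example: CodeBuild service role limited to its own logs and artifact bucket.
# ProjectName and ArtifactBucket are hypothetical parameters, not names from the linked template.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  ProjectName:
    Type: String
  ArtifactBucket:
    Type: String
Resources:
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      # Weak setting the issue objects to (assumed shape), shown only for comparison:
      # ManagedPolicyArns:
      #   - arn:aws:iam::aws:policy/AdministratorAccess
      Policies:
        - PolicyName: codebuild-scoped
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Build output goes to this project's log group only.
              - Sid: BuildLogs
                Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}
                  - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}:*
              # Source and artifact objects in the one pipeline bucket.
              - Sid: Artifacts
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:PutObject
                Resource: !Sub arn:${AWS::Partition}:s3:::${ArtifactBucket}/*
```

With this role, a buildspec.yml changed by a pull request still runs with the role's credentials, but those credentials reach only the project's log group and the artifact bucket rather than the whole account.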