-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add more IAM Actions based on needs for aibs-informatics-workflows. #8
Conversation
@@ -78,6 +123,23 @@ | |||
"ecr:UntagResource", | |||
] | |||
|
|||
|
|||
KMS_READ_ACTIONS = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add constants in alphabetical order?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand that not everything is ordered alphabetically, but it would be helpful if you tried to order. even better if you ordered others by alphabet and type of constant (action lists vs policy variables)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tried to alphabetize and reorganize the file. Let me know if that does what you were requesting.
*KMS_READ_ACTIONS, | ||
*KMS_WRITE_ACTIONS, | ||
] | ||
|
||
ECR_FULL_ACCESS_ACTIONS = [*ECR_READ_ACTIONS, *ECR_WRITE_ACTIONS, *ECR_TAGGING_ACTIONS] | ||
|
||
ECS_READ_ACTIONS = ["ecs:DescribeContainerInstances"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will override what you have specified above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ack, thanks for catching that. Perfect example of why alphabetization helps.
@@ -78,6 +123,23 @@ | |||
"ecr:UntagResource", | |||
] | |||
|
|||
|
|||
KMS_READ_ACTIONS = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand that not everything is ordered alphabetically, but it would be helpful if you tried to order. even better if you ordered others by alphabet and type of constant (action lists vs policy variables)
Actions added below for services brought up in aibs-informatics-workflows.
I also added a docstring to make explicit that the actions are not complete read/write actions for each service, just based on the things we've needed so far.
I did this as suggested in feedback for https://github.com/AllenInstitute/aibs-informatics-workflows/pull/1, although I am slightly torn on the approach since this means that if we add actions to the read or write lists for a service, all users of that list get the added permissions even if they don't need them, but I get that's a tradeoff between convenience and absolute strictness with provided permissions.