Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CloudFormation Template to Add IAM Group with Read-Only Permissions #469

Merged
merged 4 commits into from
Dec 30, 2024
Merged

Update CloudFormation Template to Add IAM Group with Read-Only Permissions #469

merged 4 commits into from
Dec 30, 2024
+95 −17

Conversation

computeronaldo
Copy link

Summary

This PR updates the existing AWS CloudFormation template by:

  1. Adding an IAM group to the template.
  2. Attaching a policy to the IAM group that provides read-only permissions.
  3. Ensuring that IAM users belonging to this group will inherit the attached read-only permissions.

Approach

The goal of this update is to enable a structured approach for granting read-only access to specific IAM users by organizing them into a dedicated group.

Changes Made:

  1. Added the definition for the new IAM group.
  2. Created and attached a managed policy to grant read-only access.
  3. Updated template documentation (if applicable) to reflect these changes.

How to Test the Changes

  1. Upload the template to AWS cloud formation.
  2. Go to IAM groups and find IAMReadOnlyGroup.
  3. Add an IAM user to this group enabling console access under security credentials.
  4. Get the username and password for created IAM user.
  5. Login again as IAM user using the credentials generated in previous step.
  6. Verify all resources accessibility in IAM user's console.

Screenshots or Recordings

screen-capture.2.-aws-task.1.-compressed.mp4

Checklist

  • I have added/updated tests that cover the changes.
  • I have updated the documentation to reflect the changes.

@computeronaldo
feat: update cloudformation template to allow iam users belonging to …
75288bf 
…IAMReadOnlyGroup have read only access to resources being deployed
@computeronaldo computeronaldo added the enhancement New feature or request label Dec 25, 2024
@computeronaldo computeronaldo requested a review from aps08 December 25, 2024 06:17
@computeronaldo computeronaldo self-assigned this Dec 25, 2024
@computeronaldo computeronaldo added good first issue Good for newcomers low priority Low priority task labels Dec 25, 2024
@computeronaldo computeronaldo linked an issue Dec 25, 2024 that may be closed by this pull request
Add IAM Group in Cloudformation templates #436
Open
2 tasks
aps08
aps08 requested changes Dec 30, 2024
View reviewed changes
Copy link
Member

@aps08 aps08 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Showing new file. But file already exists in the aws folder of the app in packages.

@computeronaldo
chore: removed cloudformation dev template from templates folders and…
e64c3cf 
… moved changes to cloudformation dev template in aws folder inside app directory
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

@aps08 aps08 merged commit af4c1bb into monorepo_setup Dec 30, 2024
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aps08 aps08 aps08 approved these changes

Assignees

@computeronaldo computeronaldo

Labels
enhancement New feature or request good first issue Good for newcomers low priority Low priority task
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add IAM Group in Cloudformation templates
2 participants
@computeronaldo @aps08