Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-11932

Bamboo requires full permissions to EC2


    • 6
    • 45
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Currently Elastic Bamboo requires you give it your account level credentials to run properly. This isn't really acceptable in many environments and we should be able to use IAM to create a bamboo user with restricted permission (i.e. bamboo doesn't need permissions to create a new VPC, or delete non-bamboo instances).

      To me this is a major security problem. The response so far from support was this:

      "After confirming with the Bamboo seniors, I can say that the Bamboo user does need full access to the account. We also recommend that a dedicated account be created for Bamboo to ensure that, should Bamboo "go sideways," any damage is restricted only to the Bamboo user's account."

      Running a dedicated account just for bamboo isn't horribly practical if you have other resources the builds depend on, especially in a VPC environment.

            Unassigned Unassigned
            4266f0f1452d Chris Spradlin
            154 Vote for this issue
            116 Start watching this issue