Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-11932

Bamboo requires full permissions to EC2

    XMLWordPrintable

    Details

    • Themes:
      EC2
    • Last commented by user?:
      true
    • Comments:
      52
    • Support reference count:
      44
    • UIS:
      3

      Description

      Currently Elastic Bamboo requires you give it your account level credentials to run properly. This isn't really acceptable in many environments and we should be able to use IAM to create a bamboo user with restricted permission (i.e. bamboo doesn't need permissions to create a new VPC, or delete non-bamboo instances).

      To me this is a major security problem. The response so far from support was this:

      "After confirming with the Bamboo seniors, I can say that the Bamboo user does need full access to the account. We also recommend that a dedicated account be created for Bamboo to ensure that, should Bamboo "go sideways," any damage is restricted only to the Bamboo user's account."

      Running a dedicated account just for bamboo isn't horribly practical if you have other resources the builds depend on, especially in a VPC environment.

        Attachments

          Issue Links

            Activity

              Dates

              • Created:
                Updated:
                Last commented:
                8 weeks, 4 days ago