Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Elastic Bamboo
Labels:
Environment:
OnDemand & Server

UIS:
6
Support reference count:
45
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Currently Elastic Bamboo requires you give it your account level credentials to run properly. This isn't really acceptable in many environments and we should be able to use IAM to create a bamboo user with restricted permission (i.e. bamboo doesn't need permissions to create a new VPC, or delete non-bamboo instances).

To me this is a major security problem. The response so far from support was this:

"After confirming with the Bamboo seniors, I can say that the Bamboo user does need full access to the account. We also recommend that a dedicated account be created for Bamboo to ensure that, should Bamboo "go sideways," any damage is restricted only to the Bamboo user's account."

Running a dedicated account just for bamboo isn't horribly practical if you have other resources the builds depend on, especially in a VPC environment.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

relates to: BDEV-10295 Loading...; BDEV-16385 Loading...

was cloned as: BDEV-9600 Loading...

(2 relates to, 1 was cloned as)

Activity

People

Assignee:: Unassigned

Reporter:: Chris Spradlin

Votes:: 154 Vote for this issue

Watchers:: 116 Start watching this issue

Dates

Created:: 24/Jul/2012 7:27 PM

Updated:: 20/Feb/2024 3:12 AM