Skip to content

Update IAM role policy configuration to use StringEquals for Mountpoint for Amazon S3 CSI driver #812

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pgasca merged 1 commit into from
Nov 25, 2024
Merged

Update IAM role policy configuration to use StringEquals for Mountpoint for Amazon S3 CSI driver #812

pgasca merged 1 commit into from
Nov 25, 2024

Conversation

@jiaeenie
Copy link

@jiaeenie jiaeenie commented Nov 25, 2024

Currently, the documentation recommends that customers use a wildcard match StringLike in their IAM role policy configuration for the CSI Driver EKS add-on. This approach is not considered a security best practice and has caused confusions for some customers (see: awslabs/mountpoint-s3-csi-driver#300 and awslabs/mountpoint-s3-csi-driver#173 (comment)).

In this pull request, we update the documentation to advice using StringEquals instead of StringLike to improve security and address these concerns.

/cc @unexge @muddyfish @dannycjones

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@jiaeenie jiaeenie requested a review from pgasca as a code owner November 25, 2024 15:45
unexge
unexge approved these changes Nov 25, 2024
View reviewed changes
Copy link

@unexge unexge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pgasca pgasca merged this pull request into awsdocs:mainline Nov 25, 2024
1 check failed
@pgasca pgasca self-assigned this Nov 25, 2024
geoffcline pushed a commit that referenced this pull request Dec 19, 2024
@pgasca
Update IAM role policy configuration to use StringEquals for Mountpoi…
d5ea8fa 
…nt for Amazon S3 CSI driver PR #812
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pgasca pgasca pgasca approved these changes

+1 more reviewer

@unexge unexge unexge approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pgasca pgasca

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jiaeenie @unexge @pgasca