
Evaluate Security Risks and Implement Controls for kms:CreateGrant Permission in Github OIDC role #6845

Open
sukeshreddyg (Contributor) opened this issue Apr 22, 2024 · 0 comments

User Story

As a Modernisation Platform engineer
I want to investigate potential security risks associated with granting the kms:CreateGrant permission to the GitHub OIDC role. Additionally, I aim to explore the feasibility of adding conditions to restrict the usage of this permission to prevent unauthorized granting of keys to users and roles.

Value / Purpose

The purpose of this issue is to ensure the security of our key management system by thoroughly assessing the risks introduced by granting the kms:CreateGrant permission. By implementing appropriate safeguards, we aim to mitigate the risk of unauthorized access to keys.

Useful Contacts

No response

Additional Information

This permission, kms:CreateGrant, is required for the purpose of copying snapshots.

Proposal / Unknowns

Hypothesis: If we... [do a thing] Then... [this will happen]

Proposal: A proposal that is something testable; don't worry whether it works or not, it's a place for ideas.

Unknowns: Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.

Definition of Done

  • Identify security risks associated with the newly added permission.
  • Document findings and recommendations in a comprehensive report.
  • Ensure that the implementation aligns with best practices and complies with security standards.
  • Another team member has reviewed
  • Tests are green
sukeshreddyg changed the title from "Evaluate Security Risks and Implement Implement Controls for kms:CreateGrant Permission in Github OIDC role" to "Evaluate Security Risks and Implement Controls for kms:CreateGrant Permission in Github OIDC role" on Apr 22, 2024
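The issue asks whether conditions can restrict kms:CreateGrant so the OIDC role can still have EBS copy encrypted snapshots but cannot hand out grants to arbitrary principals. The following is an added example, not code from the Modernisation Platform repository or from the issue author. It models a minimal IAM condition evaluator and compares the unconditioned statement with one scoped by the real KMS condition keys kms:GrantIsForAWSResource (true only when an AWS service creates the grant on the caller's behalf), kms:ViaService and kms:GrantOperations. The key ARN, region and request contexts are constructed for illustration, and the list of grant operations EBS requests during a snapshot copy is an assumption that should be confirmed from CloudTrail CreateGrant events before the condition is deployed.

```python
"""Minimal IAM condition evaluator for scoping kms:CreateGrant.

Added example; not code from the Modernisation Platform repository. It shows
why an unconditioned kms:CreateGrant allows a direct `aws kms create-grant`
to any grantee, while a statement conditioned on kms:GrantIsForAWSResource,
kms:ViaService and kms:GrantOperations only passes the grant that EC2/EBS
creates on the role's behalf for a snapshot copy.
"""
from typing import Any, Dict

# Hypothetical key ARN and region; substitute the real CMK.
REGION = "eu-west-2"
KEY_ARN = f"arn:aws:kms:{REGION}:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"

# What the role currently gets: CreateGrant on the key with no conditions.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["kms:CreateGrant"], "Resource": [KEY_ARN]}],
}

# Scoped: only grants that an AWS service (EC2/EBS here) creates for the role,
# and only for the operations a snapshot copy needs.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["kms:CreateGrant"],
        "Resource": [KEY_ARN],
        "Condition": {
            "Bool": {"kms:GrantIsForAWSResource": "true"},
            "StringEquals": {"kms:ViaService": f"ec2.{REGION}.amazonaws.com"},
            "ForAllValues:StringEquals": {
                # Assumption: confirm the exact set from CloudTrail CreateGrant events.
                "kms:GrantOperations": ["Decrypt", "Encrypt", "GenerateDataKeyWithoutPlaintext",
                                        "ReEncryptFrom", "ReEncryptTo", "CreateGrant", "DescribeKey"],
            },
        },
    }],
}


def _as_list(v: Any) -> list:
    return v if isinstance(v, list) else [v]


def _condition_matches(operator: str, policy_kv: Dict[str, Any], ctx: Dict[str, Any]) -> bool:
    """Evaluate one condition-operator block against the request context."""
    for key, wanted in policy_kv.items():
        wanted = [str(w).lower() for w in _as_list(wanted)]
        present = key in ctx
        actual = [str(a).lower() for a in _as_list(ctx.get(key, []))]
        if operator in ("Bool", "StringEquals"):
            # Single-valued operators do not match when the key is absent from the request.
            if not present or actual[0] not in wanted:
                return False
        elif operator == "ForAllValues:StringEquals":
            # Set operator: every request value must be in the policy set. It also
            # matches when the key is absent, which is why it is paired with the
            # Bool/StringEquals checks above rather than used alone in an Allow.
            if any(a not in wanted for a in actual):
                return False
        else:
            raise ValueError(f"unsupported operator {operator}")
    return True


def evaluate(policy: Dict[str, Any], action: str, resource: str, ctx: Dict[str, Any]) -> bool:
    """True if some Allow statement matches. Deny statements and the key policy are not modelled."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or action not in _as_list(st["Action"]):
            continue
        if not any(r in ("*", resource) for r in _as_list(st["Resource"])):
            continue
        if all(_condition_matches(op, kv, ctx) for op, kv in st.get("Condition", {}).items()):
            return True
    return False


# Constructed request contexts (not captured from a real account).
EBS_SNAPSHOT_COPY = {  # EC2/EBS creating the grant while copying an encrypted snapshot
    "kms:GrantIsForAWSResource": "true",
    "kms:ViaService": f"ec2.{REGION}.amazonaws.com",
    "kms:GrantOperations": ["Decrypt", "Encrypt", "GenerateDataKeyWithoutPlaintext",
                            "ReEncryptFrom", "ReEncryptTo", "CreateGrant", "DescribeKey"],
}
DIRECT_GRANT_TO_ROLE = {  # `aws kms create-grant --grantee-principal <role>` run by the OIDC role itself
    "kms:GrantIsForAWSResource": "false",
    "kms:GrantOperations": ["Decrypt", "Encrypt"],
}
OTHER_SERVICE_GRANT = {  # service-created grant, but via a different service and region
    "kms:GrantIsForAWSResource": "true",
    "kms:ViaService": "rds.eu-west-1.amazonaws.com",
    "kms:GrantOperations": ["Decrypt"],
}


def compare() -> Dict[str, Dict[str, bool]]:
    """Decision of each policy for each constructed CreateGrant request."""
    requests = {"ebs_snapshot_copy": EBS_SNAPSHOT_COPY,
                "direct_grant_to_role": DIRECT_GRANT_TO_ROLE,
                "other_service": OTHER_SERVICE_GRANT}
    return {name: {"weak": evaluate(WEAK_POLICY, "kms:CreateGrant", KEY_ARN, ctx),
                   "hardened": evaluate(HARDENED_POLICY, "kms:CreateGrant", KEY_ARN, ctx)}
            for name, ctx in requests.items()}


if __name__ == "__main__":
    for name, res in compare().items():
        print(f"{name:22s} weak={res['weak']!s:5s} hardened={res['hardened']}")
```

Two caveats a reviewer of the real policy would raise: this is the identity policy attached to the OIDC role, so the key policy must still permit kms:CreateGrant for that role (or for the account via kms:CallerAccount), and the simulation has no Deny logic, so the IAM policy simulator plus a CloudTrail search for CreateGrant events from the role remain the authoritative checks.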
Project status: To Do