As a Modernisation Platform engineer
I want to investigate potential security risks associated with granting the kms:CreateGrant permission to the GitHub OIDC role. Additionally, I aim to explore the feasibility of adding conditions to restrict the usage of this permission to prevent unauthorized granting of keys to users and roles.
Value / Purpose
The purpose of this issue is to ensure the security of our key management system by thoroughly assessing the risks introduced by granting the kms:CreateGrant permission. By implementing appropriate safeguards, we aim to mitigate the risk of unauthorized access to keys.
Useful Contacts
No response
Additional Information
This permission, kms:CreateGrant, is required for the purpose of copying snapshots.
Proposal / Unknowns
Hypothesis If we... [do a thing] Then... [this will happ]
Proposal A proposal that is something testable, don't worry whether it works or not, it's a place for ideas.
Unknowns Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.
Definition of Done
Identify security risks associated with the newly added permission.
Document findings and recommendations in a comprehensive report.
Ensure that the implementation aligns with best practices and complies with security standards.
Another team member has reviewed
Tests are green
sukeshreddyg changed the title from "Evaluate Security Risks and Implement Implement Controls for kms:CreateGrant Permission in Github OIDC role" to "Evaluate Security Risks and Implement Controls for kms:CreateGrant Permission in Github OIDC role" on Apr 22, 2024
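One way to check a role policy for the condition-based restriction this issue proposes, as an added example that is not part of the original issue or the Modernisation Platform's code. The policy documents, account ID and key ARN are constructed, the snapshot service is assumed to be EC2/EBS (the issue does not say), and treating the four listed AWS KMS condition keys as sufficient restriction is an assumption of this example.

```python
# Added example: flag Allow statements that grant kms:CreateGrant without a
# restricting condition key. All policy content below is constructed sample data.
import fnmatch

# Assumption: any one of these AWS KMS condition keys counts as a restriction.
RESTRICTING_KEYS = {"kms:grantisforawsresource", "kms:viaservice",
                    "kms:granteeprincipal", "kms:grantoperations"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows_create_grant(statement):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase("kms:creategrant", action.lower())
               for action in _as_list(statement.get("Action", [])))

def _condition_keys(statement):
    # Collect condition keys across every operator block (Bool, StringEquals, ...).
    return {key.lower() for block in statement.get("Condition", {}).values() for key in block}

def unrestricted_create_grant(policy):
    """Return Sids (or indexes) of Allow statements granting kms:CreateGrant unconditioned."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or not _allows_create_grant(st):
            continue
        if not (_condition_keys(st) & RESTRICTING_KEYS):
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings

KEY_ARN = "arn:aws:kms:eu-west-2:111122223333:key/EXAMPLE-KEY-ID"  # constructed

BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SnapshotCopyBroad", "Effect": "Allow",
     "Action": ["kms:CreateGrant", "kms:DescribeKey"], "Resource": "*"},
    {"Sid": "WildcardKms", "Effect": "Allow", "Action": "kms:*", "Resource": KEY_ARN},
]}

SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SnapshotCopyScoped", "Effect": "Allow",
     "Action": "kms:CreateGrant", "Resource": KEY_ARN,
     "Condition": {
         # Only allow grants created by an AWS service on the caller's behalf.
         "Bool": {"kms:GrantIsForAWSResource": "true"},
         # Assumed service: EC2/EBS snapshot copy; the issue does not name one.
         "StringEquals": {"kms:ViaService": "ec2.eu-west-2.amazonaws.com"}}},
]}

if __name__ == "__main__":
    print("broad :", unrestricted_create_grant(BROAD_POLICY))
    print("scoped:", unrestricted_create_grant(SCOPED_POLICY))
```

The check looks only at which condition keys are present, so the condition values and any NotAction statements still need manual review.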