github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 15:47:25 +00:00
Code Issues Projects Releases Wiki Activity

Use a newly created system account instead of my personal one

Browse Source 
This restricts attack surface, and work better in term of automation.
This commit is contained in:
Néstor Salceda 2018-11-09 19:23:54 +01:00
parent e15ee1d28d
commit c24fa324d2
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
integrations/kubernetes-response-engine/deployment/aws/lambda.tf
View File

@ -1,3 +1,7 @@
resource "aws_iam_user" "kubernetes-response-engine-user" {
name = "kubernetes_response_engine"
}
resource "aws_iam_role" "iam-for-lambda" { resource "aws_iam_role" "iam-for-lambda" {
name = "iam_for_lambda" name = "iam_for_lambda"
@ -9,7 +13,7 @@ resource "aws_iam_role" "iam-for-lambda" {
"Action": "sts:AssumeRole", "Action": "sts:AssumeRole",
"Principal": { "Principal": {
"Service": "lambda.amazonaws.com", "Service": "lambda.amazonaws.com",
"AWS": "${var.iam-user-arn}" "AWS": "${aws_iam_user.kubernetes-response-engine-user.arn}"
}, },
"Effect": "Allow", "Effect": "Allow",
"Sid": "" "Sid": ""

3
integrations/kubernetes-response-engine/deployment/aws/variables.tf
View File

@ -1,3 +0,0 @@
variable "iam-user-arn" {
type = "string"
}