https://github.com/hotsock/installer-permissions
Installer permissions CloudFormation template for Hotsock installations
- Host: GitHub
- URL: https://github.com/hotsock/installer-permissions
- Owner: hotsock
- License: mit
- Created: 2024-06-04T16:52:15.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-12-05T19:43:55.000Z (over 1 year ago)
- Last Synced: 2024-12-05T20:29:38.667Z (over 1 year ago)
- Topics: cloudformation, iam, yaml
- Homepage: https://www.hotsock.io
- Size: 6.84 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Hotsock Installer Permissions
This repository contains the permissions CloudFormation template used [during Hotsock installation](https://www.hotsock.io/docs/installation/initial-setup/#installer-permissions-stack).
It is provided here for easy auditability and change history.
## Included Resources
When creating a stack with the [installer-permissions.yml](./installer-permissions.yml) template, the following resources will be created in your AWS account.
- **`HotsockInstallerRole`**: IAM role that allows CloudFormation to manage Hotsock installations with appropriate permissions. It grants IAM role and policy management permissions within the `/hotsock/` IAM path and grants permissions in the `HotsockMaximumPermissions` managed policy described below.
- **`HotsockSupportRole`**: IAM role that can allow Hotsock support staff to access your account to triage issues upon your request. **Access is denied by default** with an expired date condition in the assume role trust relationship, which must be set to a date in the future to grant access.
- **`HotsockLicensingRole`**: IAM role that allows Hotsock to perform licensing operations and collect usage data for installation metering.
- **`HotsockMaximumPermissions`**: IAM managed policy that specifies the maximum permissions needed for Hotsock, used to grant permissions to `HotsockInstallerRole` and `HotsockSupportRole` and used as the mandatory [Permissions Boundary](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) for all roles created by `HotsockInstallerRole`.
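To audit the `HotsockSupportRole` behaviour described above, the following added example (not code from this repository) evaluates a role trust policy and reports whether the date condition is still expired. It assumes the condition is expressed as `DateLessThan` on `aws:CurrentTime`; the sample policy, account ID and date are constructed placeholders, not values from the template.

```python
from datetime import datetime, timezone

# Constructed sample: account ID and date are placeholders, and the
# DateLessThan / aws:CurrentTime shape is an assumption about the template.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"DateLessThan": {"aws:CurrentTime": "2000-01-01T00:00:00Z"}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _parse_utc(ts):
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def support_access_status(trust_policy, now=None):
    """Return ("denied", None), ("open", expiry) or ("unbounded", None)."""
    now = now or datetime.now(timezone.utc)
    latest = None
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
            a in ("sts:assumerole", "sts:*", "*") for a in actions
        ):
            continue
        bounds = []
        for op, keys in stmt.get("Condition", {}).items():
            if op in ("DateLessThan", "DateLessThanEquals"):
                for key, values in keys.items():
                    if key.lower() == "aws:currenttime":
                        # Several values for one key are ORed: the latest wins.
                        bounds.append(max(_parse_utc(v) for v in _as_list(values)))
        if not bounds:
            return ("unbounded", None)  # Allow statement with no expiry at all
        expiry = min(bounds)  # separate operators are ANDed: the earliest wins
        if expiry > now and (latest is None or expiry > latest):
            latest = expiry
    return ("open", latest) if latest else ("denied", None)
```

The input is the `AssumeRolePolicyDocument` returned by `aws iam get-role` for the deployed role; an `unbounded` result means an Allow statement has no expiry and deserves review.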