JENKINS-52342

Refine S3 security policy to only allow access to the created bucket

    Details

    • Sprint:
      Evergreen - Milestone 1, Evergreen - Milestone 2

      Description

      To move forward in JENKINS-49853, I gave access to all S3 buckets with the following policy:

      {
        "PolicyName": "S3ArtifactManagerPolicy",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "TodoRefineSecurityALot",
                  "Effect": "Allow",
                  "Action": [
                      "s3:PutObject",
                      "s3:GetObject",
                      "s3:ListBucket",
                      "s3:DeleteObject"
                  ],
                  "Resource": "*"
              }
          ]
        }
      }
      

      We should restrict Resource to the dedicated bucket that was just created with CloudFormation.

      (I tried to do that initially, but then took the easier path to paint the big picture, and address this as a follow-up.)
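An added example, not part of the original issue or the Jenkins project's code: it flags the `"Resource": "*"` statement above and rewrites it for a single CloudFormation-created bucket, putting `s3:ListBucket` on the bucket ARN and the object actions on `<bucket ARN>/*`. The logical ID `ArtifactBucket` and the generated Sids are assumptions; the output is meant to sit in the same template that declares the bucket so the intrinsic functions resolve.

```python
import copy
import json

# s3:ListBucket is authorized against the bucket ARN; the object actions on
# the page (Put/Get/DeleteObject) are authorized against "<bucket ARN>/*".
BUCKET_LEVEL = {"s3:ListBucket"}

# Policy from the issue description, Resource "*" included.
BROAD_POLICY = {"PolicyName": "S3ArtifactManagerPolicy", "PolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "TodoRefineSecurityALot", "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject",
                   "s3:ListBucket", "s3:DeleteObject"],
        "Resource": "*"}]}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(st):
    return st["Effect"] == "Allow" and "*" in _as_list(st["Resource"])

def wildcard_statements(policy):
    """Sids of Allow statements whose Resource is the bare wildcard "*"."""
    return [st.get("Sid") for st in policy["PolicyDocument"]["Statement"]
            if _is_wildcard(st)]

def scope_to_bucket(policy, logical_id):
    """Copy of policy with wildcard statements scoped to one template bucket."""
    scoped, result = copy.deepcopy(policy), []
    for i, st in enumerate(scoped["PolicyDocument"]["Statement"]):
        if not _is_wildcard(st):
            result.append(st)
            continue
        actions = _as_list(st["Action"])
        if any("*" in a for a in actions):
            raise ValueError("wildcard action cannot be classified automatically")
        # logical_id is the bucket's (hypothetical) logical ID in the template.
        targets = (("BucketLevel", {"Fn::GetAtt": [logical_id, "Arn"]}, True),
                   ("ObjectLevel", {"Fn::Sub": "${%s.Arn}/*" % logical_id}, False))
        for prefix, resource, want_bucket in targets:
            picked = [a for a in actions if (a in BUCKET_LEVEL) == want_bucket]
            if picked:
                result.append({"Sid": "%s%d" % (prefix, i), "Effect": "Allow",
                               "Action": picked, "Resource": resource})
    scoped["PolicyDocument"]["Statement"] = result
    return scoped

if __name__ == "__main__":
    print(json.dumps(scope_to_bucket(BROAD_POLICY, "ArtifactBucket"), indent=2))
```

Granting `s3:ListBucket` only on the `/*` object resource is the usual mistake when narrowing this policy: the statement is accepted but listing is denied, which is why the split is done per action.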

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            Unassigned
            Reporter:
            batmat Baptiste Mathus