-
Type:
Improvement
-
Resolution: Won't Do
-
Priority:
Critical
-
Component/s: evergreen
-
Evergreen - Milestone 1, Evergreen - Milestone 2
To move forward in JENKINS-49853, I gave access to all S3 buckets with the following policy:
{
"PolicyName": "S3ArtifactManagerPolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TodoRefineSecurityALot",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": "*"
}
]
}
}
We should restrict Resource to the dedicated bucket that was just created with CloudFormation.
(I tried to do that initially, but then went to the easier path to paint the big picture, and address this as a followup)