Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52342

Refine S3 security policy to only allow access to the created bucket

    XMLWordPrintable

Details

    • Evergreen - Milestone 1, Evergreen - Milestone 2

    Description

      To move forward in JENKINS-49853, I gave access to all S3 buckets with the following policy:

      {
        "PolicyName": "S3ArtifactManagerPolicy",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "TodoRefineSecurityALot",
                  "Effect": "Allow",
                  "Action": [
                      "s3:PutObject",
                      "s3:GetObject",
                      "s3:ListBucket",
                      "s3:DeleteObject"
                  ],
                  "Resource": "*"
              }
          ]
        }
      }
      

      We should restrict Resource to the dedicated bucket that was just created with CloudFormation.

      (I tried to do that initially, but then went to the easier path to paint the big picture, and address this as a followup)

      Attachments

        Activity

          People

            Unassigned Unassigned
            batmat Baptiste Mathus
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: