• Type: Improvement
    • Resolution: Unresolved
    • Priority: Major
    • Component: amazon-ecs-plugin
    • Labels: None

      I'm unable to find a way to submit a PR to the documentation of this project.

      However, in the wiki, the advised IAM configuration is highly insecure.

      It allows the assigned entity to stop any task on any cluster rather than scoping to a specific environment (cluster). This allows your Jenkins master to stop any ECS container/task, including all your production ones, through misconfiguration or nefarious activity.

      I've provided the corrected policy below.

      Incorrect policy:

      {
          "Sid": "Stmt1452746887376",
          "Action": [ "ecs:StopTask", "ecs:DescribeTasks" ],
          "Effect": "Allow",
          "Resource": "arn:aws:ecs:<region>:<accountId>:task/*"
      }
      

      Secure policy:

      { 
          "Sid": "",
          "Action": [ "ecs:StopTask", "ecs:DescribeTasks" ],
          "Effect": "Allow",
          "Resource": "arn:aws:ecs:<region>:<accountId>:task/<constraining further here is also advisable if possible>*",
          "Condition" : {
              "StringEquals" : {
                  "ecs:cluster": "<your cluster's ARN for CI>"
              }
          }
      }
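The following is an added example, not part of the issue text or the amazon-ecs-plugin code. It models just enough of IAM's Allow semantics (action list, resource ARN wildcard, StringEquals condition) to show the practical difference between the two statements above: under the wiki's policy a Jenkins credential can stop a task in any cluster, while the corrected statement only matches when ECS supplies the CI cluster's ARN as the `ecs:cluster` condition key. Region, account id, cluster names and task ids are constructed placeholders, and real IAM evaluation (explicit Deny, NotAction, policy variables, newer `task/<cluster>/<id>` ARN layouts) is deliberately out of scope.

```python
"""Toy evaluator for a single IAM Allow statement (added example, not plugin code).

Only the subset of IAM needed to compare the two ECS policies is modelled.
"""
import fnmatch

# Constructed placeholder values for this example.
REGION = "us-east-1"
ACCOUNT = "123456789012"
CI_CLUSTER = f"arn:aws:ecs:{REGION}:{ACCOUNT}:cluster/jenkins-ci"
PROD_CLUSTER = f"arn:aws:ecs:{REGION}:{ACCOUNT}:cluster/prod"

# Statement as advised in the wiki: any task in any cluster of the account.
INCORRECT_POLICY = {
    "Sid": "Stmt1452746887376",
    "Action": ["ecs:StopTask", "ecs:DescribeTasks"],
    "Effect": "Allow",
    "Resource": f"arn:aws:ecs:{REGION}:{ACCOUNT}:task/*",
}

# Corrected statement: same actions, but only for tasks running in the CI cluster.
SECURE_POLICY = {
    "Sid": "",
    "Action": ["ecs:StopTask", "ecs:DescribeTasks"],
    "Effect": "Allow",
    "Resource": f"arn:aws:ecs:{REGION}:{ACCOUNT}:task/*",
    "Condition": {"StringEquals": {"ecs:cluster": CI_CLUSTER}},
}


def _as_list(value):
    """IAM accepts either a string or a list for Action/Resource/condition values."""
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, context):
    """Evaluate the Condition block; only the StringEquals operator is modelled."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in pairs.items():
            # A condition key that is absent from the request context never matches.
            if context.get(key) not in _as_list(expected):
                return False
    return True


def statement_allows(statement, action, resource_arn, context=None):
    """Return True if this single Allow statement permits the request."""
    context = context or {}
    if statement.get("Effect") != "Allow":
        return False
    if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(statement["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(statement["Resource"])):
        return False
    return _condition_holds(statement.get("Condition", {}), context)


def can_stop_task(statement, task_id, cluster_arn):
    """Simulate Jenkins calling ecs:StopTask on a task that runs in cluster_arn.

    ECS populates the ecs:cluster condition key with the task's cluster ARN.
    """
    task_arn = f"arn:aws:ecs:{REGION}:{ACCOUNT}:task/{task_id}"
    return statement_allows(statement, "ecs:StopTask", task_arn, {"ecs:cluster": cluster_arn})


if __name__ == "__main__":
    for name, policy in (("incorrect", INCORRECT_POLICY), ("secure", SECURE_POLICY)):
        for cluster in (CI_CLUSTER, PROD_CLUSTER):
            short = cluster.rsplit("/", 1)[1]
            print(f"{name:9s} policy, task in {short:10s}: "
                  f"StopTask allowed = {can_stop_task(policy, 'abc123', cluster)}")
```

Running the block prints four lines: both policies allow stopping a task in `jenkins-ci`, but only the incorrect policy also allows stopping a task in `prod`. The same evaluator can be pointed at any further narrowing you apply to the Resource ARN, as the issue suggests, to confirm the credential still covers the CI tasks it needs.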
      

       

          [JENKINS-58037] Insecure IAM policy in documentation

          Russell Maclean created issue -
          Russell Maclean made changes - Description
          Russell Maclean made changes - Description
          Russell Maclean made changes - Description
          Greg Biles made changes - Description

            Assignee: Unassigned
            Reporter: Russell Maclean (russmac)
            Votes: 1
            Watchers: 2
