terraform-redhat/terraform-aws-rosa-sts

Feature request: Support Permission Boundaries

Closed this issue · 3 comments

We have customers who have restrictions in place that the operator and account roles cannot be created without having a permissions boundary. This is supported in the aws_iam_role but not available via the module yet.

I work together with @Seth-Karlo in the Red Hat EMEA Black Belt team. I just wanted to add that this is supported in the rosa cli:

```
$ rosa create operator-roles --help

....

Examples:
  # Create operator roles with a specific permissions boundary
  rosa create operator-roles -c mycluster --permissions-boundary arn:aws:iam::123456789012:policy/perm-boundary

Flags:
...
      --permissions-boundary string   The ARN of the policy that is used to set the permissions boundary for the operator roles.
...
```

We would like to use this same feature in Terraform.

I opened a PR for that: #13

Thanks very much!
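
For accounts with the restriction described in this issue, a pre-apply check over the plan JSON (the output of `terraform show -json <planfile>`) can list IAM roles that would be created or changed without a permissions boundary. This is an added example, not code from the module or from anyone in the thread; the function name, resource addresses and sample plan are constructed for illustration, and only the ARN is taken from the CLI help above.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Addresses and role names are made up for this example.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_iam_role.operator_a", "type": "aws_iam_role",
         "change": {"actions": ["create"],
                    "after": {"name": "operator-a",
                              "permissions_boundary":
                                  "arn:aws:iam::123456789012:policy/perm-boundary"}}},
        {"address": "aws_iam_role.operator_b", "type": "aws_iam_role",
         "change": {"actions": ["create"],
                    "after": {"name": "operator-b", "permissions_boundary": None}}},
        {"address": "aws_iam_role.old", "type": "aws_iam_role",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_iam_policy.p", "type": "aws_iam_policy",
         "change": {"actions": ["create"], "after": {"name": "p"}}},
    ]
})


def roles_violating_boundary(plan_json, required_arn=None):
    """Return addresses of IAM roles the plan would create or update without a
    permissions boundary (or with one other than required_arn, if given)."""
    plan = json.loads(plan_json)
    violations = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_iam_role":
            continue
        change = rc.get("change") or {}
        # A replace shows up as ["delete", "create"], so test for overlap.
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # pure deletes and no-ops leave nothing to check
        after = change.get("after") or {}
        boundary = after.get("permissions_boundary")
        if not boundary or (required_arn and boundary != required_arn):
            violations.append(rc["address"])
    return violations


if __name__ == "__main__":
    for address in roles_violating_boundary(SAMPLE_PLAN):
        print("missing or wrong permissions boundary:", address)
```

A boundary whose value is only known at apply time is absent from `after` in the plan, so this check reports it as missing; such roles need a manual look.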