从根账户保护我的 AWS 机密
[英]Protecting my AWS Secrets from Root Account
问题描述
I'm creating a ci/cd pipeline in AWS Codepipeline and for this, I created a lot of parameters in AWS SecretManager (github password, dockerhub password, and so on).
我正在 AWS Codepipeline 中创建一个 ci/cd 管道,为此,我在 AWS SecretManager 中创建了很多参数(github 密码、dockerhub 密码等)。
Well, this secrets are mine (from my personal account) and can't be shared with anyone, including the root account.好吧,这个秘密是我的(来自我的个人帐户),不能与任何人共享,包括 root 帐户。
Is there a way to protect these secrets from root account?有没有办法保护这些秘密免受 root 帐户的侵害? I would like to give access to read/write in these secrets only for my pipeline, but root account can change it if wants to.我只想为我的管道授予对这些机密的读/写访问权限,但根帐户可以根据需要更改它。
1 个解决方案
解决方案1
1 已采纳 2020-08-12 19:17:02
It's not possible to restrict the access of the root user to a service unless the account itself doesn't have access to the service.除非帐户本身无权访问服务,否则无法限制 root 用户对服务的访问。 This can be done with AWS Organizations SCP.这可以通过 AWS Organizations SCP 完成。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.