This repository has been archived by the owner on Sep 30, 2020. It is now read-only.
Too permissive IAM policy for CA associated to controller nodes #903
Labels
kind/bug
The IAM policy associated with controller nodes is unnecessarily permissive for running CA.
What we actually want instead would look exactly the same as the one for worker nodes:
The latter is better because it prevents any app running on the nodes from terminating EC2 instances outside of the K8S cluster. For instance, it would have prevented a misbehaving CA from terminating EC2 instances outside of the K8S cluster like we experienced in #800.
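An added example, not part of the original issue or the project's code: a check that flags IAM statements allowing the Auto Scaling actions that change or terminate capacity on every resource with no condition, which is the kind of grant the issue calls too permissive. Both sample policies and the cluster tag key are constructed assumptions, not the policies the issue refers to.

```python
import fnmatch

# Auto Scaling actions that resize a group or terminate its instances.
MUTATING = ("autoscaling:SetDesiredCapacity",
            "autoscaling:TerminateInstanceInAutoScalingGroup")

def as_list(value):
    """IAM allows a single string where a list is expected."""
    return value if isinstance(value, list) else [value]

def unscoped_statements(policy):
    """Return indexes of Allow statements that grant a mutating action on
    Resource "*" without any Condition. Only the presence of a Condition is
    checked; NotAction and NotResource are not evaluated."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        grants = any(fnmatch.fnmatchcase(m.lower(), a.lower())
                     for a in as_list(stmt.get("Action", []))
                     for m in MUTATING)
        wide = "*" in as_list(stmt.get("Resource", []))
        if grants and wide and not stmt.get("Condition"):
            findings.append(i)
    return findings

READ_ONLY = {"Effect": "Allow", "Action": "autoscaling:Describe*",
             "Resource": "*"}

# Constructed sample: mutating actions allowed on every Auto Scaling group.
PERMISSIVE = {"Version": "2012-10-17", "Statement": [
    READ_ONLY,
    {"Effect": "Allow", "Action": list(MUTATING), "Resource": "*"},
]}

# Constructed sample: same actions, limited to groups carrying a cluster tag
# (tag key and value are assumptions for illustration).
SCOPED = {"Version": "2012-10-17", "Statement": [
    READ_ONLY,
    {"Effect": "Allow", "Action": list(MUTATING), "Resource": "*",
     "Condition": {"StringEquals": {
         "autoscaling:ResourceTag/kubernetes.io/cluster/example-cluster":
             "owned"}}},
]}

if __name__ == "__main__":
    print("permissive:", unscoped_statements(PERMISSIVE))
    print("scoped:", unscoped_statements(SCOPED))
```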