![]() ![]() To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role. There is no workaround available for CreationRole. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. ![]() These versions no longer use the account root principal. The issue has been fixed in v1.202.0 and `aws-cdk-lib` v2.80.0. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. There is no recommended work around.ĪWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. ![]() A fix for this issue is available in data.all version 1.5.2 and later. The issue can only be triggered by authenticated users. ![]() data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |