AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended workaround.

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g. `KubernetesManifest`, `HelmChart`). Users with CDK version higher than or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher than or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for `CreationRole`. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role.
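One way to check an already-synthesized CloudFormation template for the condition the CDK advisory describes, IAM roles whose trust policy allows the account root principal. This is an added example, not code from the advisory or from AWS CDK; the logical IDs, account ID and sample template are constructed, and the function names are hypothetical.

```python
import re
# Account root as a principal: "...:iam::<account>:root", a bare account ID, or its Ref.
ROOT = re.compile(r":iam::.+:root$|^\d{12}$|^\$\{AWS::AccountId\}$")

def as_list(x):
    return x if isinstance(x, list) else [x]

def render(value):
    """Flatten a CloudFormation value (literal, Ref, Fn::Join, Fn::Sub) to text."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict):
        if "Ref" in value:
            return "${" + value["Ref"] + "}"
        if "Fn::Join" in value:
            sep, parts = value["Fn::Join"]
            return sep.join(render(p) for p in parts)
        if "Fn::Sub" in value:
            return render(as_list(value["Fn::Sub"])[0])
    return ""  # other intrinsics (e.g. Fn::GetAtt of a role ARN) are not the root

def roles_trusting_account_root(template):
    """Logical IDs of AWS::IAM::Role resources whose trust policy allows the account root."""
    flagged = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        doc = res.get("Properties", {}).get("AssumeRolePolicyDocument", {})
        for stmt in as_list(doc.get("Statement", [])):
            principal = stmt.get("Principal", {})
            aws = principal.get("AWS", []) if isinstance(principal, dict) else []
            if stmt.get("Effect") == "Allow" and any(
                    ROOT.search(render(p)) for p in as_list(aws)):
                flagged.append(logical_id)
                break
    return flagged

def _role(principal):  # helper for the constructed sample below
    return {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}]}}}

# Constructed sample template; logical IDs and account ID are made up.
SAMPLE = {"Resources": {
    "CreationRole": _role({"AWS": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"},
                           ":iam::", {"Ref": "AWS::AccountId"}, ":root"]]}}),
    "MastersRole": _role({"AWS": "arn:aws:iam::111122223333:root"}),
    "HandlerScoped": _role({"AWS": {"Fn::GetAtt": ["HandlerRole", "Arn"]}}),
    "HandlerRole": _role({"Service": "lambda.amazonaws.com"}),
}}
```

Calling `roles_trusting_account_root(SAMPLE)` flags the two roles that trust the account root and leaves the role scoped to a specific handler role untouched.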