https://github.com/osquery/osquery logo
Join Slack
Powered by
Hey guys, I'm trying to forward all my osquery que...
# general
k
Hey guys, I'm trying to forward all my osquery queries running on various endpoints to AWS Kinesis Data Firehose using an IAM role rather than an access key ID. Does anyone know how I can lock down the trust relationship of the role, meaning who can assume this role? This is what I'm seeing and I'd like to avoid using the wildcard (*) as the principal:
Copy code
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
I ended up creating an empty IAM user that can assume the role and locking down this policy to allow requests only from that user. Hope this helps!
8 Views
Open in Slack
PreviousNext
Powered by