Open
Description
Looking at the CloudFormation for the microservices, I noticed that it results in 6 IAM roles being created that all have identical permissions which span all the actions that every microservice wants to perform. This violates the principle of least privilege; each microservice should only have the permissions it requires to do its job.
My proposal is to create a roles.yaml template in the aws/cloudformation-templates/services folder that contains properly scoped IAM roles for each service, which is passed into the _template.yaml file. I am happy to do a PR for this.
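A check for the condition this issue describes, as an added example that is not part of the issue or the project's code: it groups the `AWS::IAM::Role` resources in a JSON-form CloudFormation template by their inline policy statements and reports roles whose permissions are identical. The role names, actions and table ARN in the sample are constructed; managed policies, separate `AWS::IAM::Policy` resources and `NotAction` are assumed out of scope.

```python
import json
from collections import defaultdict

# Constructed sample (JSON-form CloudFormation template). Role names, actions
# and the table ARN are hypothetical, not taken from the project's templates.
def _role(actions, resource="*"):
    stmt = {"Effect": "Allow", "Action": actions, "Resource": resource}
    doc = {"Version": "2012-10-17", "Statement": [stmt]}
    return {"Type": "AWS::IAM::Role",
            "Properties": {"Policies": [{"PolicyName": "svc", "PolicyDocument": doc}]}}

BROAD = ["dynamodb:*", "s3:GetObject", "ssm:GetParameter"]
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "OrdersRole": _role(BROAD),
    "ProductsRole": _role(list(reversed(BROAD))),   # same set, different order
    "UsersRole": _role(BROAD),
    "CartsRole": _role("dynamodb:GetItem",
                       "arn:aws:dynamodb:us-east-1:111122223333:table/carts"),
    "AssetsBucket": {"Type": "AWS::S3::Bucket"},
}})

def _canon(value):
    """Order-insensitive form of an Action/Resource value (string, list, or intrinsic)."""
    items = value if isinstance(value, list) else [value]
    return sorted(json.dumps(v, sort_keys=True) for v in items)

def role_fingerprint(role):
    """Canonical string for a role's inline policy statements; policy names are ignored."""
    out = []
    for policy in role.get("Properties", {}).get("Policies", []):
        stmts = policy["PolicyDocument"]["Statement"]
        for s in stmts if isinstance(stmts, list) else [stmts]:
            out.append(json.dumps({"Effect": s.get("Effect"),
                                   "Action": _canon(s.get("Action", [])),
                                   "Resource": _canon(s.get("Resource", [])),
                                   "Condition": s.get("Condition")}, sort_keys=True))
    return "\n".join(sorted(out))

def find_duplicate_roles(template_text):
    """Return groups of IAM role logical IDs whose inline permissions are identical."""
    groups = defaultdict(list)
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") == "AWS::IAM::Role":
            fp = role_fingerprint(res)
            if fp:  # roles with no inline policies are not compared
                groups[fp].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

if __name__ == "__main__":
    for group in find_duplicate_roles(SAMPLE_TEMPLATE):
        print("identical inline permissions:", ", ".join(group))
```

A non-empty result in CI is a signal that several services share one permission set and should be split into per-service roles.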