WARNING: The internal docker registry has been fully disabled in this release. Applications that have not been deployed in several months should be redeployed before updating to this release.
With security always top of mind, we set out to secure and lock down the various AWS permissions a Rack would need to manage itself. As with security in general, this is an on going process. We’ll from time to time update these permissions accordingly while trying to be specific and limit the number of permissions required.
Some examples in this release includes:
- Limited access to DynamoDB tables that only begin with the name of the Rack as a prefix
- Limited access to RDS instances that only begin with the name of the Rack as a prefix
- Limited access to IAM resources (roles, users, policies, etc) that belong to the
To see the technical details and exactly what kind of permissions Rack needs to manage itself, there’s no better place than the source itself.
/resources API endpoint has been added to continue the naming transition.