- edited description
'Fixing' opsec
Understanding that modifying CloudFormation managed resources directly is sub-optimal, but looking for a way to 'fix' the opsec of an existing SpaceCrab installlation, are the following steps sufficient?
1) Delete any tokens created with the /SpaceCrab/ path (a backup of these tokens can be used to re-create them after steps 2 and 3 are completed).
2) Change the value of HONEY_TOKEN_USER_PATH in AddTokenFunction to something other than /SpaceCrab/
3) Add the path specified in 2 to the Resource array in the IAMaccessPolicy policy.
Comments (4)
-
reporter -
reporter - edited description
-
reporter - edited description
-
Sorry about the delayed response -that seems like it should work, though I don’t think you can recreate the tokens meaningfully (I don’t think you can control the public or private parts of an IAM key), you’d have to re-create them and redeploy. At which point you may as well just redeploy the whole stack, since you have to redistribute all the tokens anyway.
- Log in to comment