1. Atlassian Security Team Avatar Atlassian Security Team
  2. public tools
  3. spacecrab
  4. Issues

'Fixing' opsec

Issue #10 new
Captain Crabby created an issue

Understanding that modifying CloudFormation managed resources directly is sub-optimal, but looking for a way to 'fix' the opsec of an existing SpaceCrab installlation, are the following steps sufficient?

1) Delete any tokens created with the /SpaceCrab/ path (a backup of these tokens can be used to re-create them after steps 2 and 3 are completed).

2) Change the value of HONEY_TOKEN_USER_PATH in AddTokenFunction to something other than /SpaceCrab/

3) Add the path specified in 2 to the Resource array in the IAMaccessPolicy policy.

Comments (4)

  4. danb

    Sorry about the delayed response -that seems like it should work, though I don’t think you can recreate the tokens meaningfully (I don’t think you can control the public or private parts of an IAM key), you’d have to re-create them and redeploy. At which point you may as well just redeploy the whole stack, since you have to redistribute all the tokens anyway.

  5. Log in to comment
Assignee
Type
proposal
Priority
critical
Status
new
Votes
0
Watchers
1