CloudFront Invalidation IAM Policy (Least Privilege) #70

@Alexandrbig1

Priority: High
Difficulty: Easy


Description:
Create an IAM policy that grants CI/CD workflows only the cloudfront:CreateInvalidation permission, scoped to the specific CloudFront distribution ARN.

  • Ensure the policy follows the principle of least privilege.

Acceptance Criteria:

  • IAM policy allows only cloudfront:CreateInvalidation for the exact distribution ARN
  • Policy is attached to the CI/CD role or user
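
The first acceptance criterion expressed as a policy document and a check, added here as an example (not part of the issue or the project's code). The account ID, distribution ID, `Sid` and the `violations` helper are placeholders or hypothetical names; substitute the real distribution ARN.

```python
import json

# Placeholder values and both sample policies below are constructed for this example.
DISTRIBUTION_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
ALLOWED_ACTION = "cloudfront:createinvalidation"  # IAM action names are case-insensitive

LEAST_PRIVILEGE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "InvalidateOneDistribution",
    "Effect": "Allow",
    "Action": "cloudfront:CreateInvalidation",
    "Resource": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
  }]
}
""")

OVER_BROAD = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["cloudfront:CreateInvalidation", "cloudfront:Get*"],
    "Resource": "*"
  }]
}
""")

def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def violations(policy, distribution_arn=DISTRIBUTION_ARN):
    """Return reasons the policy fails the acceptance criteria (empty list = pass)."""
    found = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            found.append(f"statement {i}: NotAction/NotResource grants by exclusion")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != ALLOWED_ACTION:
                found.append(f"statement {i}: extra action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != distribution_arn:
                found.append(f"statement {i}: resource {resource} is not the exact ARN")
    return found
```

Running `violations` on the policy file in CI before it is applied catches wildcard actions or resources that would widen the grant beyond the one distribution.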

Metadata

Labels

  • aws (Amazon Web Services & cloud resources)
  • ci/cd (Continuous Integration & Continuous Deployment)
  • governance (Policies & standards)
  • hacktoberfest (Special issue for Hacktoberfest)
  • hacktoberfest-2025 (Special issue for Hacktoberfest 2025)
  • infra (Infrastructure)
  • priority: high (Needs attention ASAP)
  • security (Security & compliance)

Projects

Status

In Progress

Development

No branches or pull requests
