Yes, that's an interesting idea. Effectively it's limiting the Lambda function to only do what it's meant to do, so the role can't be used to stop/terminate other instances. Of course, this then needs limitations on who can edit Tags.
I'll admit I was lazy — I made one IAM Role that would work with both Stopinators, but it should be scoped-down to be safer.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I’d scope down the IAM role in Type 1. Adding a condition to only allow termination of instances with certain tags makes this a lot safer.
Yes, that's an interesting idea. Effectively it's limiting the Lambda function to only do what it's meant to do, so the role can't be used to stop/terminate other instances. Of course, this then needs limitations on who can edit Tags.
I'll admit I was lazy — I made one IAM Role that would work with both Stopinators, but it should be scoped-down to be safer.