I've created a CloudFormation template and would like to store it on my public GitHub account.
I've created an IAM role that is associated with environments at creation. To achieve this, I've included the ARN value of the role in the environment configuration:
    "WebServerEnvironment" : {
      "Type" : "AWS::ElasticBeanstalk::Environment",
      "Properties" : {
        "OptionSettings" : [
          {
            "Namespace" : "aws:autoscaling:launchconfiguration",
            "OptionName" : "IamInstanceProfile",
            "Value" : "arn:aws:iam::1234567890:instance-profile/myCloudFormationNameHere"
          }
        ]
      }
    }
My question is: could this ARN value be used to compromise my app? Or, due to the account-specific nature of IAM access, is this information safe in the public domain?
If I'm not mistaken, an ARN is not account-specific but global. But on its own it's not super critical, since it is only a unique, but not too nice, name for a resource.
Nevertheless, does this really need to go into source control? Couldn't this be solved with instance metadata / user data? http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
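As an added example (not code from the question or the answer): a check to run before publishing that lists every literal ARN in a CloudFormation JSON template and splits it into its fields, so you can see which account ID and resource names would become public. The function names and the sample template are constructed for illustration.

```python
import json
import re

# ARN layout: arn:partition:service:region:account-id:resource
ARN_RE = re.compile(r"arn:(aws[\w-]*):([\w-]+):([\w-]*):(\d*):(\S+)")

# Constructed sample mirroring the fragment in the question.
SAMPLE_TEMPLATE = """
{"Resources": {"WebServerEnvironment": {
  "Type": "AWS::ElasticBeanstalk::Environment",
  "Properties": {"OptionSettings": [{
    "Namespace": "aws:autoscaling:launchconfiguration",
    "OptionName": "IamInstanceProfile",
    "Value": "arn:aws:iam::1234567890:instance-profile/myCloudFormationNameHere"
  }]}
}}}
"""

def walk(node, path="$"):
    """Yield (json_path, string) for every string value in the template."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def find_hardcoded_arns(template_text):
    """Return one finding per literal ARN, split into its fields."""
    findings = []
    for path, text in walk(json.loads(template_text)):
        for m in ARN_RE.finditer(text):
            partition, service, region, account, resource = m.groups()
            findings.append({"path": path, "service": service,
                             "region": region or None,
                             "account_id": account or None,
                             "resource": resource})
    return findings

if __name__ == "__main__":
    for finding in find_hardcoded_arns(SAMPLE_TEMPLATE):
        print(finding)
```

Namespaces such as `aws:autoscaling:launchconfiguration` and type names such as `AWS::ElasticBeanstalk::Environment` are not reported, because only strings containing the `arn:` prefix followed by a partition match.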