I'm trying Spinnaker to bake and deploy AMIs to AWS Auto Scaling Group. The problem is, the instance needs too many permissions. As stated in Spinnaker blog post (i.e. "In today's world, it is often seen as bad practice to give tools total access to your environments"), I want to know whether there's a way to restrict spinnaker instance permissions, yet still allow users to deploy their applications to their own clusters, e.g. if they're authorized to do so in AWS.
Sure, the doc says that you can restrict access to applications, but is that enough? Can an application A's member somehow (e.g. in a pipeline stage) call AWS APIs utilizing Spinnaker's permission? (hence being able to modify application B's clusters). Let's say that SSH access to the Spinnaker instance is already disabled
With authorization correctly setup, application A's member should not be able to modify application B if they don't have permission (see here). This guard is in place at the Spinnaker application level, not the cloud provider (EC2) platform level.
Spinnaker was architected with "god mode" credentials - so in fact the same credentials are being used to manipulate application A and B cloud resources.