
Remediate: jenkins-worker-role

Select permissions to remove or modify based on least-privilege recommendations.

Impact Warning: Removing permissions may cause service interruptions if current activity wasn't captured in the 90-day window. We recommend using a staging environment first.

Select Actions

Annotation: Users can cherry-pick which security risks to address.

Detach 'AdministratorAccess'

This policy provides full access to all resources. It is highly over-privileged for this role.

+ Will be replaced by 'Scoped-Jenkins-Policy'

Remove Unused Service: KMS

KMS permissions haven't been used in 182 days.

Restrict S3 Access to specific bucket

Currently has access to all buckets (*). Recommendation: Restrict to 'prod-backups-01'.

Policy Preview (New)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    }
  ]
}
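
The preview above still grants `s3:GetObject` on `"Resource": "*"`. The following added example (not output of this tool) shows one way the "Restrict S3 Access to specific bucket" recommendation could be applied to that policy document; the helper name `scope_s3` and the statement-splitting approach are assumptions.

```python
import copy
import json

# Policy Preview as shown on the page.
PREVIEW = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "ec2:DescribeInstances"],
        "Resource": "*",
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def scope_s3(policy, bucket):  # hypothetical helper, not part of the tool
    """Return a copy of `policy` in which Allow statements that grant
    s3: actions on a wildcard resource are split, so the S3 actions
    apply only to `bucket` and every other action is left as it was."""
    scoped = {"Version": policy["Version"], "Statement": []}
    # Bucket ARN covers bucket-level actions (e.g. s3:ListBucket);
    # the /* ARN covers object-level actions (e.g. s3:GetObject).
    bucket_arns = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    for stmt in _as_list(policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        s3 = [a for a in actions if a.lower().startswith("s3:")]
        wildcard = any(r in ("*", "arn:aws:s3:::*") for r in resources)
        if stmt.get("Effect") != "Allow" or not s3 or not wildcard:
            scoped["Statement"].append(copy.deepcopy(stmt))
            continue
        other = [a for a in actions if a not in s3]
        s3_stmt = {**copy.deepcopy(stmt), "Action": s3, "Resource": bucket_arns}
        if other:
            # ec2:DescribeInstances has no resource-level support, so it keeps "*".
            scoped["Statement"].append({**copy.deepcopy(stmt), "Action": other})
            if "Sid" in s3_stmt:
                s3_stmt["Sid"] += "S3"  # Sids must stay unique within a policy
        scoped["Statement"].append(s3_stmt)
    return scoped


if __name__ == "__main__":
    print(json.dumps(scope_s3(PREVIEW, "prod-backups-01"), indent=2))
```

Statements that use `"Action": "*"` or `NotAction` are passed through unchanged and need separate review.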

Workflow Options

This action will be logged in the Audit Trail.

Audit Log Preview

User: admin_user
Action: IAM_POLICY_REDUCE
Target: jenkins-worker-role
Changes: 2 policies modified