You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If users from multiple aws accounts have DAG in a single mwaa environment, It is important to restrict the users based on what aws resources they can access based on DAG level. @garystafford could we do this by adding a validation step in the ci/cd pipeline to check if the DAG policies are met by the users who write the DAGs?
The text was updated successfully, but these errors were encountered:
If this cannot can't be accomplished using AWS IAM or from within Airflow natively, then using a validation step in your CI/CD is logical. You could store permissions in a k/v store, like DynamoDB, and then query from the pipeline to validate user/DAG permissions.
If users from multiple aws accounts have DAG in a single mwaa environment, It is important to restrict the users based on what aws resources they can access based on DAG level. @garystafford could we do this by adding a validation step in the ci/cd pipeline to check if the DAG policies are met by the users who write the DAGs?
The text was updated successfully, but these errors were encountered: