WAF and permission fixes

- [x] ThrottlingBurstLimit &ThrottlingRateLimit configuration

WAF & Timeout
```
2. WAF , but make it optional and enabled by default . Who wants can remove it and use other solutions
3. https://1111111111.execute-api.eu-central-1.amazonaws.com/default/access-requester 20s timeout in case of empty POST request
```

IAM permissions review for SSO Elevator lamdas
```
'iam:Pass*', + "*" = Bad 
 'iam:AttachRolePolicy',
        'iam:PutRolePolicy',
        'iam:GetRole',
        'iam:CreateRole',
        'iam:ListRolePolicies',
        'iam:ListAttachedRolePolicies',

      'arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*/AWSReservedSSO_*',
        'arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_*',
Are we creating roles/policy?
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

WAF and permission fixes #103

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

WAF and permission fixes #103

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions