diff --git a/README.md b/README.md index 8e4f76e..5ecd4d5 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ pip3 install -r requirements.txt Given SES resources are deployed in the ECF LZ operations accounts, you'd need a role in that account to execute the Python script locally. At the time of this writing, the admin role on the operator account is sufficient. -> For local execution, the ECF LZ operations account role must be able to use the CMK corresponding associated with the environment variable: `CMK_SSE_KMS_ALIAS` and also assume corresponding roles associated with environment variables `QUERY_ORG_ACCOUNTS_ROLE_TO_ASSUME_ARN` and `ATHENA_QUERY_ROLE_TO_ASSUME_ARN`. These are resources deployed in the ECF LZ management account. At the time of this writing, the admin role on the operator account is sufficient. As we scale back on permissions, this will likely be revised further. +> For local execution, the ECF LZ operations account role must be able to use the CMK corresponding associated with the environment variable: `CMK_SSE_KMS_ALIAS` and also assume corresponding roles associated with environment variables `QUERY_ORG_ACCOUNTS_ROLE_TO_ASSUME_ARN` and `ATHENA_QUERY_ROLE_TO_ASSUME_ARN`. These are resources deployed in the ECF LZ management account. At the time of this writing, the admin role on the Operations account is sufficient. As we scale back on permissions, this will likely be revised further. Once the appropriate values as indicated above are available, you can easily run the script using the command: diff --git a/terraform/operations-account/main.tf b/terraform/operations-account/main.tf index 7c6e9b7..744aaba 100644 --- a/terraform/operations-account/main.tf +++ b/terraform/operations-account/main.tf @@ -680,7 +680,7 @@ resource "aws_ssm_parameter" "manual_run_environment_variables" { export RECIPIENT_OVERRIDE="your.email@here.ca" export CARBON_COPY="" export ATHENA_QUERY_ROLE_TO_ASSUME_ARN="arn:aws:iam::${var.lz_mgmt_account_id}:role/BCGov-Athena-Cost-and-Usage-Report" - export ATHENA_QUERY_DATABASE="cost_and_usage_report_athena_db + export ATHENA_QUERY_DATABASE="cost_and_usage_report_athena_db" export QUERY_ORG_ACCOUNTS_ROLE_TO_ASSUME_ARN="arn:aws:iam::${var.lz_mgmt_account_id}:role/BCGov-Query-Org-Accounts" export ATHENA_QUERY_OUTPUT_BUCKET="bcgov-ecf-billing-reports-output-${var.lz_mgmt_account_id}-ca-central-1" export ATHENA_QUERY_OUTPUT_BUCKET_ARN="arn:aws:s3:::bcgov-ecf-billing-reports-output-${var.lz_mgmt_account_id}-ca-central-1"