Add instructions for operators re allowing users to redeploy environm…

…ents

In certain cases we want to allow specific users to redeploy their own
assessment environments.  Note that this isn't a full redeployment,
but merely a tainting and then redeployment of all assessment
instances - currently all instance types with the exception of
Guacamole.

This document is intended to explain to operators how to initially
deploy such an environment and grant specific users the ability to
redeploy it.

AllowingUsersToSelfRedeploy-Operators.md

@@ -0,0 +1,38 @@
+# Allowing Users to Redeploy Their Own Environments #
+
+In certain cases we want to allow specific users to redeploy their own
+assessment environments.  Note that this isn't a full redeployment,
+but merely a tainting and then redeployment of all assessment
+instances - currently all instance types with the exception of
+Guacamole.
+
+This document is intended to explain to operators how to initially
+deploy such an environment and grant specific users the ability to
+redeploy it.
+
+## Configure the `*.tfvars` file ##
+
+Add an `iam\_users\_allowed\_to\_self\_deploy` variable to the
+appropriate `*.tfvars` file.  This variable should be a list of
+strings, each of which is the name of a valid IAM user in the COOL
+Users account.  E.g.:
+
+```hcl
+iam\_users\_allowed\_to\_self\_deploy = ["first1.last1", "first2.last2"]
+```
+
+## Run the `terraform\_apply.sh` script ##
+
+Use `terraform workspace select` to switch to the appropriate
+Terraform workspace and then simply run the `terraform\_apply.sh`
+script as you normally would, e.g.:
+
+```console
+AWS\_SHARED\_CREDENTIALS\_FILE=~/.aws/staging\_credentials AWS\_PROFILE=cool-user AWS\_DEFAULT\_REGION=us-east-1 terraform workspace select env6-staging
+```
+
+followed by:
+
+```console
+AWS\_SHARED\_CREDENTIALS\_FILE=~/.aws/staging\_credentials AWS\_PROFILE=cool-user AWS\_DEFAULT\_REGION=us-east-1 ./terraform\_apply.sh -var-file=env6-staging.tfvars
+```