Attach policy to specified users allowing assumption of the Terraform state read-write role #254

@jsf9k jsf9k commented Oct 18, 2024

🗣 Description

This pull request attaches a policy to specified users allowing assumption of the Terraform state read-write role. It also adds:

  • Instructions for operators to help them initially deploy such an environment and grant specific users the ability to redeploy it.
  • Instructions for users to help them to set up locally and then redeploy an environment.

See also cisagov/cool-assessment-provisioner-iam#30.

💭 Motivation and context

It is better to attach the policy in Terraform instead of requiring operations to do so manually in the AWS console.

🧪 Testing

All automated tests pass. I deployed these changes to env6 in our COOL staging environment and verified that they function as expected.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • All new and existing tests pass.

@jsf9k jsf9k added the documentation, improvement, hacktoberfest-accepted, and terraform labels Oct 18, 2024
@jsf9k jsf9k self-assigned this Oct 18, 2024
jsf9k added a commit to cisagov/cool-assessment-provisioner-iam that referenced this pull request Oct 18, 2024
@jsf9k jsf9k force-pushed the improvement/attach-policy-to-users-allowing-assumption-of-tf-state-read-write-role branch from 900f20c to fa03a79 Compare October 18, 2024 16:11
@jsf9k jsf9k marked this pull request as ready for review October 18, 2024 16:43
@jsf9k jsf9k requested a review from a team October 18, 2024 16:43

@dav3r dav3r left a comment

Looks good to me, other than the one missing word that I noted. 👍

RedeployingYourOwnEnvironment-Users.md (outdated; resolved)

dav3r commented Oct 18, 2024

After further reflection, I think that the two markdown files that you added don't belong in this repo. The info from those files should be passed to our Ops team and users so that it can be stored wherever they keep their various runbooks.

@jsf9k jsf9k force-pushed the improvement/attach-policy-to-users-allowing-assumption-of-tf-state-read-write-role branch from 83a861a to c20fff1 Compare October 18, 2024 19:08

jsf9k commented Oct 18, 2024

> After further reflection, I think that the two markdown files that you added don't belong in this repo. The info from those files should be passed to our Ops team and users so that it can be stored wherever they keep their various runbooks.

Those commits have been removed and I have emailed the information to the relevant parties.

@jsf9k jsf9k enabled auto-merge October 18, 2024 19:09
@jsf9k jsf9k merged commit 55ca0ba into develop Oct 18, 2024
8 checks passed
@jsf9k jsf9k deleted the improvement/attach-policy-to-users-allowing-assumption-of-tf-state-read-write-role branch October 18, 2024 19:09