diff --git a/docs/topic/access-creds/cloud-auth.md b/docs/topic/access-creds/cloud-auth.md
index 46eda9f9dc..7e6d908442 100644
--- a/docs/topic/access-creds/cloud-auth.md
+++ b/docs/topic/access-creds/cloud-auth.md
@@ -37,7 +37,7 @@ We have two ways to access AWS accounts. There are three units of organization in AWS that are relevant to 2i2c. AWS Accounts -: Collections of services and infrastructure that generated their own bills. Kind-of like `projects` in Google Cloud Platform. For example, the Kubernetes cluster we run for `uwhackweeks` runs in an Account dedicated for this. +: Collections of services and infrastructure that generated their own bills. Kind-of like `projects` in Google Cloud Platform. For example, the Kubernetes cluster `2i2c-aws-us` runs in a dedicated AWS Account. AWS Organizations : Organizations are basically collections of accounts. They make it easy to group **access** to multiple accounts via things like [AWS Single Sign On](cloud-access:aws-sso). Every AWS Organization has a "Management Account" that defines all of the other accounts in the organization.
diff --git a/eksctl/ssh-keys/secret/uwhackweeks.key b/eksctl/ssh-keys/secret/uwhackweeks.key
deleted file mode 100644
index 81881c6d4a..0000000000
--- a/eksctl/ssh-keys/secret/uwhackweeks.key
+++ /dev/null
@@ -1,21 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data: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,iv:7at58QkfaozyJpvA2YS4oonE8OQa35fT+Xso3Sac1/8=,tag:NT3XOmebTvvbvGNI3o0qMQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2022-02-07T07:16:31Z", - "enc": "CiQA4OM7eDQx9NzUnUPQwpkLoujckxKMQkil1IbTqhauhP8KOawSSQAZvYDZhUi/dyZf6uR+SD/FCbzJZggZKkkHabDSXJenaGSFx7ZHmM6lBiL1lcY9QuRsI/g9Ze8NCNziWVanqbpZTM0xy21DWhE=" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-02-07T07:16:32Z", - "mac": "ENC[AES256_GCM,data:M0Lu58a3ZufHUhAXykp6usbUxiOlePfon57EKmBiYD53BrIYU8Cmj4AXzq3BAJXCZdYM7J3HRrgOWu1Bl0Lul9q0PFmxSv2IsStEXxa+CR6/4JLz11nAbIzszua9qBJlw28YEIvAZvHtFhUoLC6qbno3cpooXh4ezReSivUm/5w=,iv:A15YjyGiqBuvNlE5Hpqr8Nl0ZrW+FgZdDa0lqy3Dlyk=,tag:UWlQVy3mzSNnbfghegqKdw==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file
diff --git a/terraform/aws/projects/nasa-cryo.tfvars b/terraform/aws/projects/nasa-cryo.tfvars
index ccd4a86974..57255c60d1 100644
--- a/terraform/aws/projects/nasa-cryo.tfvars
+++ b/terraform/aws/projects/nasa-cryo.tfvars
@@ -29,7 +29,7 @@ hub_cloud_permissions = {
 # buckets, without having to explicitly list them. However, we don't want
 # to give access to all *internal* s3 buckets willy-nilly - this can be
 # a massive security hole, especially if terraform state is also here.
- # As a temporary measure, we allow-list buckets here. Same as uwhackweeks.
+ # As a temporary measure, we allow-list buckets here.
 extra_iam_policy : <<-EOT
 {
 "Version": "2012-10-17",
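Review bot: The comment kept in the `hub_cloud_permissions` block at -29 still calls the bucket allow-list "a temporary measure", and with the `uwhackweeks` cross-reference removed it no longer points at anything that explains when or how the exception ends; the hunk at -64 carries the same wording. Because the comment itself describes broad internal S3 access as a potential security hole, I would make the exception trackable, for example by following the line with `# TODO(<tracking-issue>): remove this allow-list once a permanent bucket-access scheme exists.` The `extra_iam_policy` statements continue outside both hunks, so the actual scope of the allow-list cannot be checked from this diff.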
@@ -64,7 +64,7 @@ hub_cloud_permissions = {
 # buckets, without having to explicitly list them. However, we don't want
 # to give access to all *internal* s3 buckets willy-nilly - this can be
 # a massive security hole, especially if terraform state is also here.
- # As a temporary measure, we allow-list buckets here. Same as uwhackweeks.
+ # As a temporary measure, we allow-list buckets here.
 extra_iam_policy : <<-EOT
 {
 "Version": "2012-10-17",