Create the cloud-governance infra: User, Policy, Bucket #834

Merged
merged 1 commit into from
Sep 17, 2024

athiruma
Collaborator

@athiruma athiruma commented Sep 11, 2024

Type of change

Note: Fill x in []

  • bug
  • enhancement
  • documentation
  • dependencies

Description

Create the CloudGovernance Infra:

  • User
  • Policy
  • Bucket
  • AccessKey

Created the terraform script to create the resources.

Note: Access Keys will be displayed on the terminal output, copied and shared with the user.

For security reasons, all pull requests need to be approved first before running any automated CI

@ebattat
Collaborator

ebattat commented Sep 11, 2024

@athiruma, do u want to add how_to image ?

@athiruma
Collaborator Author

> @athiruma, do u want to add how_to image ?

Writing README docs

@athiruma athiruma force-pushed the docs_create_iam branch 5 times, most recently from 869e7c2 to 94a1b57 Compare September 11, 2024 10:06
@athiruma
Collaborator Author

> > @athiruma, do u want to add how_to image ?
>
> Writing README docs

Done, please verify the docs

@ebattat ebattat added the documentation Improvements or additions to documentation label Sep 11, 2024
@ebattat ebattat self-requested a review September 11, 2024 12:10
@athiruma
Collaborator Author

/review @ebattat


```shell
./create_infra.sh --help
```

Do you want to add an image that explains the process?

./create_infra.sh --username "$USERNAME" --s3-bucket-name "$BUCKET_NAME" --policy-type delete
Don't need to run
terraform destroy

1. Create AWS User and attach user by [CloudGovernanceDeletePolicy.json](../../../iam/clouds/aws/CloudGovernanceDeletePolicy.json). [ Note: Replace account_id with actual account id]

1. Create AWS User and attach user
by [CloudGovernanceDeletePolicy.json](../../../iam/clouds/aws/CloudGovernanceCloudCreds/CloudGovernanceDeletePolicy.json). [ Note: Replace account_id with actual account id]
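
Review bot: step 1 says "attach user by CloudGovernanceDeletePolicy.json", which reads as attaching the user rather than the policy; reword it so the policy is what gets attached to the user. The bracketed note about replacing account_id would also be easier to follow if it said where in the JSON the placeholder appears.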

Why is it different from the create infra flow?

@athiruma athiruma force-pushed the docs_create_iam branch 4 times, most recently from a7868c1 to 7da3b80 Compare September 12, 2024 09:59
- Install [AWS-CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
- Configure IAM Access credentials.
- Permissions required for the User.
```json lines
```

Why do we need to display it in the README, and why does it include delete policies?

5. Add account_name to account variable in this [PolicyJenkinsfileDaily](../aws/template/PolicyJenkinsfileDaily) and [TaggingJenkinsfileHourly](../aws/template/TaggingJenkinsfileHourly).
6. Create two Jenkins jobs by using this two Jenkinsfile

1. Create IAM User with Read/Delete Permissions and create S3 bucket.

I think you need to update the readme to use terraform steps
Also pls add the tfvars file for variable

@athiruma athiruma force-pushed the docs_create_iam branch 2 times, most recently from e55046b to e760460 Compare September 12, 2024 11:27

```shell
./create_infra.sh --help
```

./create_infra.sh --username "$USERNAME" --s3-bucket-name "$BUCKET_NAME" --policy-type delete
Don't need to run
terraform destroy


```shell
terraform init
terraform apply -var=IAM_USERNAME="${USERNAME}" -var=IAM_POLICY_NAME="${IAM_POLICY_NAME}" -var =S3_BUCKET_NAME="${S3_BUCKET_NAME}"
```
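
Review bot: the last argument of the `terraform apply` line is written `-var =S3_BUCKET_NAME=...`, with a space between `-var` and `=`, so the shell passes `=S3_BUCKET_NAME=...` as a separate word and the bucket variable is not set as intended; write it as `-var=S3_BUCKET_NAME="${S3_BUCKET_NAME}"` like the other two. The first flag also reads `${USERNAME}` while the other two reuse the Terraform variable name, so the README should say which shell variables have to be set before this command is run.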

Pls put the value of
USERNAME
IAM_POLICY_NAME
S3_BUCKET_NAME

@athiruma athiruma force-pushed the docs_create_iam branch 2 times, most recently from 3064efc to 3c1fa18 Compare September 13, 2024 06:33
@athiruma
Collaborator Author

/review @ebattat
Added the module structure

@ebattat
Collaborator

ebattat commented Sep 13, 2024

@athiruma, pls remove all the readme file in module and have only 1 readme with working steps:

  1. Deploy S3 bucket (once for logs)
  2. Deploy IAM read role (dry_run==yes)
  3. Deploy IAM delete role(dry_run==no => actions)

@athiruma
Collaborator Author

> @athiruma, pls remove all the readme file in module and have only 1 readme with working steps:
>
>   1. Deploy S3 bucket (once for logs)
>   2. Deploy IAM read role (dry_run==yes)
>   3. Deploy IAM delete role(dry_run==no => actions)

done

],
"Resource": "*"
},
{
"Sid": "EC2AccountLevel",
"Effect": "Allow",
"Action": [
"ec2:DeleteTags",
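
Review bot: `ec2:DeleteTags` in the `EC2AccountLevel` statement is a mutating action under `"Effect": "Allow"`; if this file is the policy used for dry runs, drop it here and keep tag removal in the delete policy only. If it has to stay, consider a condition on the tag keys the tool manages (`aws:TagKeys`).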

Do we need it in Read policy: ec2:DeleteTags

@@ -70,7 +76,8 @@
"Action": [
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:DescribeLoadBalancers"
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:RemoveTags"
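
Review bot: `elasticloadbalancing:RemoveTags` is added next to the `Describe*` calls in this Action list, and like the existing `elasticloadbalancing:AddTags` it modifies resources; if this statement is part of the read policy, move both tag-writing actions to the delete policy, or explain in the README why the read role needs to change tags.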

"elasticloadbalancing:RemoveTags" read policy ?

@ebattat ebattat merged commit 4990578 into redhat-performance:main Sep 17, 2024
6 checks passed