Add a workspace-specific IAM role for writing to the Terraform state #250

Draft: wants to merge 6 commits into base: develop
jsf9k commented Sep 27, 2024

🗣 Description

This pull request adds a workspace-specific IAM role that allows for writing the Terraform state.

💭 Motivation and context

Certain trusted users would like permission to redeploy their own COOL environments.

🧪 Testing

All automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

jsf9k added the documentation, improvement, and terraform labels Sep 27, 2024
jsf9k self-assigned this Sep 27, 2024
jsf9k changed the title from "Add an workspace-specific IAM role for writing to the Terraform state" to "Add a workspace-specific IAM role for writing to the Terraform state" Sep 27, 2024
jsf9k added the hacktoberfest-accepted label Oct 1, 2024
jsf9k force-pushed the improvement/add-iam-role-for-writing-terraform-state branch from 6600c26 to 60dd8bb October 2, 2024 20:04
…raform state

The intent of this role is that selected users could assume it to
redeploy their own COOL environments.

Note that this role is workspace-specific, so if access is granted
then users can only defile their own COOL environment.
Note that this does not include the Guacamole or Samba instances.
jsf9k force-pushed the improvement/add-iam-role-for-writing-terraform-state branch from 09745ce to 2586eef October 6, 2024 19:38
…role-tf-module

This is being done for testing purposes, and this change can be
reverted once cisagov/terraform-state-read-role-tf-module#39 is
merged.

Also update the module arguments as necessary to match the code in the
non-default branch.
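
As an added illustration of the workspace scoping described in this pull request (this is not code from the PR or from the cisagov modules), the policy document below limits state writes to a single workspace. It assumes the state lives in Terraform's S3 backend with DynamoDB locking and the default `env:` workspace key prefix; all variable names are placeholders.

```hcl
# Added example: every name here is a placeholder assumption, not taken from the PR.
variable "state_bucket" { type = string }   # S3 bucket holding the Terraform state
variable "state_key" { type = string }      # backend "key", e.g. "project/terraform.tfstate"
variable "lock_table_arn" { type = string } # ARN of the DynamoDB state-lock table
variable "workspace" { type = string }      # the one workspace this role may write

locals {
  # The S3 backend stores a non-default workspace's state at
  # <workspace_key_prefix>/<workspace>/<key>; the default prefix is "env:".
  state_path = "env:/${var.workspace}/${var.state_key}"
}

data "aws_iam_policy_document" "write_workspace_state" {
  # Terraform lists the bucket to enumerate workspaces.
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.state_bucket}"] # assumes the "aws" partition
  }

  # Read and write only this workspace's state object. A wildcard such as
  # "env:/*" here would let the role overwrite every workspace's state.
  statement {
    sid       = "ReadWriteOwnWorkspaceState"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::${var.state_bucket}/${local.state_path}"]
  }

  # The lock table is shared, so restrict item access by partition key:
  # the backend uses "<bucket>/<path>" for the lock and "<bucket>/<path>-md5"
  # for the state digest.
  statement {
    sid       = "LockOwnWorkspaceState"
    actions   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"]
    resources = [var.lock_table_arn]
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "dynamodb:LeadingKeys"
      values = [
        "${var.state_bucket}/${local.state_path}",
        "${var.state_bucket}/${local.state_path}-md5",
      ]
    }
  }
}
```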