Create & initialise a new AWS account #41

Open
3 tasks
SamLR opened this issue Aug 24, 2022 · 1 comment

SamLR commented Aug 24, 2022

We want a new, secure AWS account that can be used by engineers to deploy Kubernetes clusters into.

Acceptance Criteria

  • New account created as part of corp-infra
  • Service control policy (SCP) created and applied that limits actions to those necessary to create EKS clusters & administer them
  • Roles created for use by Weaveworks employees:
    • Administrator -- assumable by members of Blazing bonfire (this will have all permissions allowed by the SCP)
    • User -- assumable by anyone who will be able to create clusters (this will only have the minimum permissions necessary to run eksctl)
    • Readonly -- optional but probably something we can grant to anyone in the company in order to view the account

This will need to be done on the https://github.com/weaveworks/corp-infra repo and reviewed/applied by IT.

cf https://github.com/weaveworks/corp/issues/2951

@SamLR SamLR added the Epic label Aug 24, 2022
@SamLR SamLR self-assigned this Aug 26, 2022

SamLR commented Aug 26, 2022

https://github.com/weaveworks/corp-infra/pull/27 covers account creation. Think we may need to look for another/new GitHub repo to handle creation of the IAM roles etc. (this would likely form the basis for any other shared infra in future expansions).
