Add asset-manager project #125

Merged
merged 1 commit into from Jul 26, 2017

chrisroos commented Jul 17, 2017

We're updating the Asset Manager app to store and serve files from AWS
S3. This commit adds an asset-manager project to configure the S3 bucket
for file storage and the IAM user that can read/write files in that
bucket.

surminus commented Jul 18, 2017

> How is this supposed to work with multiple TF_VAR_environment values?
> I'd expected it to allow me to provision buckets/users in multiple
> environments (test and integration, for example)

We use totally separate accounts for different "environments", so the GOV.UK Test account has a totally different set of credentials for the GOV.UK Integration account. The test account is just that, for testing so feel free to use that to deploy from your laptop etc. The GOV.UK Integration account should ideally be deployed using the Jenkins job. Same goes for Staging and Production.

> How do I get the credentials of the created IAM user stored in
> environment variables on the target server?

Puppet. Create the environment variables and get the app to read them in, and then add the secret keys in our credentials store.

chrisroos commented Jul 18, 2017

> We use totally separate accounts for different "environments", so the GOV.UK Test account has a totally different set of credentials for the GOV.UK Integration account. The test account is just that, for testing so feel free to use that to deploy from your laptop etc.

Where do I find the credentials for the test account, @surminus?

> Puppet. Create the environment variables and get the app to read them in, and then add the secret keys in our credentials store.

I should be OK to add the environment variables to Puppet but where/what is the "credentials store"?

surminus commented Jul 18, 2017

  1. You'll need a user adding. Someone with access will need to do this, so I'll create a Trello card on our backlog to do it.
  2. The credentials store is in our deployment repo - you probably don't have access, but quite a few people do. When you have the Puppet ready we can look at doing this.

chrisroos commented Jul 18, 2017

@surminus: I can see that the access and secret keys of my created IAM user end up in the terraform-asset-manager.tfstate file that's stored on S3. Do we manually copy them from there and paste them into the environment specific hieradata?
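
Added example, not part of the original thread or the project's code: a check for the situation described in the comment above, where the keys of a Terraform-created IAM user are recorded in the state file. It assumes the Terraform state JSON layouts for versions 3 and 4; the sample states, resource names and values are constructed placeholders.

```python
import json

# aws_iam_access_key attributes that hold usable secret material in plaintext.
SECRET_ATTRS = {"secret", "ses_smtp_password", "ses_smtp_password_v4"}


def _resources(state):
    """Yield (type, address, attributes) for each resource in a v3 or v4 state."""
    if state.get("version", 0) >= 4:
        for res in state.get("resources", []):
            for i, inst in enumerate(res.get("instances", [])):
                addr = f'{res["type"]}.{res["name"]}[{i}]'
                yield res["type"], addr, inst.get("attributes") or {}
    else:
        for module in state.get("modules", []):
            for addr, res in module.get("resources", {}).items():
                attrs = (res.get("primary") or {}).get("attributes") or {}
                yield res.get("type"), addr, attrs


def plaintext_access_keys(state_text):
    """Return {resource address: [secret attribute names]}; values are never returned."""
    findings = {}
    for rtype, addr, attrs in _resources(json.loads(state_text)):
        if rtype != "aws_iam_access_key":
            continue
        exposed = sorted(k for k in SECRET_ATTRS if attrs.get(k))
        if exposed:
            findings[addr] = exposed
    return findings


# Constructed sample states (placeholder values, not real credentials).
SAMPLE_V3 = json.dumps({"version": 3, "modules": [{"path": ["root"], "resources": {
    "aws_iam_access_key.example": {"type": "aws_iam_access_key", "primary": {
        "id": "EXAMPLE-KEY-ID",
        "attributes": {"id": "EXAMPLE-KEY-ID", "user": "example-user",
                       "secret": "constructed-secret-value"}}},
    "aws_s3_bucket.example": {"type": "aws_s3_bucket", "primary": {
        "id": "example-bucket", "attributes": {"bucket": "example-bucket"}}}}}]})

# v4 state where the secret was PGP-encrypted, so no plaintext secret is stored.
SAMPLE_V4 = json.dumps({"version": 4, "resources": [{
    "mode": "managed", "type": "aws_iam_access_key", "name": "example",
    "instances": [{"attributes": {"id": "EXAMPLE-KEY-ID", "secret": None,
                                  "encrypted_secret": "constructed-pgp-blob"}}]}]})

if __name__ == "__main__":
    print(plaintext_access_keys(SAMPLE_V3))
    print(plaintext_access_keys(SAMPLE_V4))
```

Any resource it reports means that read access to the state bucket is equivalent to holding that IAM user's key, so the bucket's access policy and encryption settings need to be at least as strict as those of the credentials store.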

@chrisroos chrisroos changed the title from WIP: Add asset-manager project to Add asset-manager project Jul 20, 2017

chrisroos commented Jul 20, 2017

Hi @surminus. I've tidied this PR and am now ready for a review in order to get it merged. Is that something you can do or should I ask someone else?

chrisroos added a commit to alphagov/govuk-puppet that referenced this pull request Jul 20, 2017

Add S3 bucket config to Asset Manager
We're enhancing Asset Manager to upload files to, and serve files from
S3. This PR sets the AWS environment variables required by Asset
Manager.

We're safe to use the standard AWS environment variable names because we
rely on `govuk_setenv` to provide each application with its own
environment.

See the related PRs in asset-manager and govuk-terraform-provisioning:

* alphagov/asset-manager#74
* alphagov/govuk-terraform-provisioning#125

@chrislo chrislo referenced this pull request Jul 20, 2017

Closed

Use S3 for storing and serving assets #76

10 of 10 tasks complete

chrisroos added a commit to alphagov/govuk-puppet that referenced this pull request Jul 21, 2017

@surminus

I think this looks OK 👍

chrisroos commented Jul 26, 2017

Thanks @surminus. I'm going to get this merged.

@chrisroos chrisroos merged commit 4b49c06 into master Jul 26, 2017

@chrisroos chrisroos deleted the add-asset-manager-project branch Jul 26, 2017
