Skip to content
This repository has been archived by the owner on Apr 26, 2022. It is now read-only.

Add asset-manager project #125

Merged
merged 1 commit into from
Jul 26, 2017
Merged

Add asset-manager project #125

merged 1 commit into from
Jul 26, 2017

Conversation

chrisroos
Copy link
Contributor

@chrisroos chrisroos commented Jul 17, 2017
edited
Loading

We're updating the Asset Manager app to store and serve files from AWS
S3. This commit adds an asset-manager project to configure the S3 bucket
for file storage and the IAM user that can read/write files in that
bucket.

surminus
surminus reviewed Jul 18, 2017
View reviewed changes
Rakefile Outdated
@@ -98,7 +98,7 @@ end
desc 'Configure the remote state location'
task configure_s3_state: [:validate_environment, :purge_remote_state] do
region = 'eu-west-1'
bucket_name = "govuk-terraform-state-#{deploy_env}"
bucket_name = "cjr-govuk-terraform-state-#{deploy_env}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make sure we don't merge this in!

@surminus
Copy link
Contributor

How is this supposed to work with multiple TF_VAR_environment values?
I'd expected it to allow me to provision buckets/users in multiple
environments (test and integration, for example)

We use totally separate accounts for different "environments", so the GOV.UK Test account has a totally different set of credentials for the GOV.UK Integration account. The test account is just that, for testing so feel free to use that to deploy from your laptop etc. The GOV.UK Integration account should ideally be deployed using the Jenkins job. Same goes for Staging and Production.

How do I get the credentials of the created IAM user stored in
environment variables on the target server?

Puppet. Create the environment variables and get the app to read them in, and then add the secret keys in our credentials store.

@chrisroos
Copy link
Contributor Author

We use totally separate accounts for different "environments", so the GOV.UK Test account has a totally different set of credentials for the GOV.UK Integration account. The test account is just that, for testing so feel free to use that to deploy from your laptop etc.

Where do I find the credentials for the test account, @surminus?

Puppet. Create the environment variables and get the app to read them in, and then add the secret keys in our credentials store.

I should be OK to add the environment variables to Puppet but where/what is the "credentials store"?

@surminus
Copy link
Contributor

  1. You'll need a user adding. Someone with access will need to do this, so I'll create a Trello card on our backlog to do it.
  2. The credentials store is in our deployment repo - you probably don't have access, but quite a few people do. When you have the Puppet ready we can look at doing this.

@chrisroos
Copy link
Contributor Author

@surminus: I can see that the access and secret keys of my created IAM user end up in the terraform-asset-manager.tfstate file that's stored on S3. Do we manually copy them from there and paste them into the environment specific hieradata?

@chrisroos
Add asset-manager project
c46e148 
We're updating the Asset Manager app to store and serve files from AWS
S3. This commit adds an asset-manager project to configure the S3 bucket
for file storage and the IAM user that can read/write files in that
bucket.
@chrisroos chrisroos changed the title WIP: Add asset-manager project Add asset-manager project Jul 20, 2017
@chrisroos
Copy link
Contributor Author

Hi @surminus. I've tidied this PR and am now ready for a review in order to get it merged. Is that something you can do or should I ask someone else?

chrisroos added a commit to alphagov/govuk-puppet that referenced this pull request Jul 20, 2017
@chrisroos
Add S3 bucket config to Asset Manager
2b27596 
We're enhancing Asset Manager to upload files to, and serve files from
S3. This PR sets the AWS environment variables required by Asset
Manager.

We're safe to use the standard AWS environment variable names because we
rely on `govuk_setenv` to provide each application with its own
environment.

See the related PRs in asset-manager and govuk-terraform-provisioning:

* alphagov/asset-manager#74
* alphagov/govuk-terraform-provisioning#125
@chrisroos chrisroos mentioned this pull request Jul 20, 2017
Merged
@chrislo chrislo mentioned this pull request Jul 20, 2017
Closed
10 tasks
chrisroos added a commit to alphagov/govuk-puppet that referenced this pull request Jul 21, 2017
@chrisroos
Add S3 bucket config to Asset Manager
87732eb 
We're enhancing Asset Manager to upload files to, and serve files from
S3. This PR sets the AWS environment variables required by Asset
Manager.

We're safe to use the standard AWS environment variable names because we
rely on `govuk_setenv` to provide each application with its own
environment.

See the related PRs in asset-manager and govuk-terraform-provisioning:

* alphagov/asset-manager#74
* alphagov/govuk-terraform-provisioning#125
surminus
surminus approved these changes Jul 25, 2017
View reviewed changes
Copy link
Contributor

@surminus surminus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this looks OK 👍

@chrisroos
Copy link
Contributor Author

Thanks @surminus. I'm going to get this merged.

@chrisroos chrisroos merged commit 4b49c06 into master Jul 26, 2017
@chrisroos chrisroos deleted the add-asset-manager-project branch July 26, 2017 09:42
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@surminus surminus surminus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@chrisroos @surminus