Generate IAM Policy with all required Actions #740
Nice! Can we add a doc page that shows the policy for a few key examples?
kill ${{ env.iamlive_pid }} | ||
while $(kill -0 ${{ env.iamlive_pid }} 2>/dev/null); do sleep 1; done; | ||
cat ${HOME}/policy.json | ||
aws s3 cp ${HOME}/policy.json s3://eks-blueprints-iam-policies/${{ matrix.example_path }}.json |
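Review bot: The wait loop on the second line puts `kill -0` inside `$(...)`, so the loop condition is the exit status of a command substitution rather than of `kill` itself; `while kill -0 ${{ env.iamlive_pid }} 2>/dev/null; do sleep 1; done` states the intent directly. The `aws s3 cp` line then uploads whatever is at `${HOME}/policy.json` without checking that the file exists and is non-empty, and `${{ matrix.example_path }}` goes into the object key unquoted, so a `test -s` check before the upload and quotes around both paths would be worth adding.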
- We should make the bucket name either a workflow global env variable or a GitHub secret to ensure it's defined in one place correctly (is it `terraform-eks-blueprints-iam-policies-examples` or `eks-blueprints-iam-policies`?)
- Do we need to add in a git ref or something so that PRs aren't clobbering one another? Adding something like `/${{ github.ref }}/` into the prefix?
- If we do that, do we need/want to set a lifecycle policy on these
- Set as global env var, correct bucket name was set (good catch!)
- Currently the Python script merges all the files seen in the bucket; as of now we can't run multiple parallel e2e flows at the same time.

I made the suggested change but then thought about it: the current script is merging all the files seen in this bucket. As we go we can start tweaking this according to use case. I did enable versioning on the bucket for now, just in case.
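The merge step this reply describes, as an added example (not the PR's script, which is not shown on this page). It assumes each uploaded file is an IAM policy JSON document made of Allow statements and reads from a dict instead of the bucket; the function names and sample policies are constructed for illustration.

```python
import json

# Constructed sample input: per-example policies in the shape assumed for the
# generated policy.json files, keyed by a made-up object name.
SAMPLE_POLICIES = {
    "example-a.json": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeVpcs", "eks:CreateCluster"], "Resource": "*"}]}),
    "example-b.json": json.dumps({"Version": "2012-10-17", "Statement": {
        "Effect": "Allow", "Action": "eks:CreateCluster", "Resource": "*"}}),
    "example-c.json": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:CreateRole", "ec2:DescribeVpcs"], "Resource": "*"}]}),
}

MERGEABLE_KEYS = {"Sid", "Effect", "Action", "Resource"}


def as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def merge_policies(documents):
    """Union Allow actions per resource set; refuse statements a union would widen."""
    by_resource = {}
    for name, raw in documents.items():
        for stmt in as_list(json.loads(raw).get("Statement", [])):
            keys = set(stmt)
            # Deny, NotAction, Condition and similar cannot be merged by a plain union.
            if stmt.get("Effect") != "Allow" or not {"Action", "Resource"} <= keys <= MERGEABLE_KEYS:
                raise ValueError(f"{name}: statement cannot be merged by union: {sorted(keys)}")
            resources = tuple(sorted(as_list(stmt["Resource"])))
            by_resource.setdefault(resources, set()).update(as_list(stmt["Action"]))
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(by_resource[res]), "Resource": list(res)}
            for res in sorted(by_resource)
        ],
    }


def wildcard_actions(policy):
    """Actions containing '*' deserve a manual look before the policy is attached."""
    return [a for s in policy["Statement"] for a in s["Action"] if "*" in a]


if __name__ == "__main__":
    print(json.dumps(merge_policies(SAMPLE_POLICIES), indent=2))
```

Because the result is a union, it is only as tight as the widest input; the rejection of non-Allow or conditioned statements keeps the merge from silently dropping a restriction.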
LGTM!
looks great - should turn this into a GitHub action
* feat: generate iam policy per example
* feat: add final policy generator script
* chore: clean code - workflow env, one liner syntax
* chore: bucket name as global env
* fix: place policy per gh ref
* fix: revert bb18d5