cleanup: remove unused resources associated to former EC2 VM agents and their AMIs #473

Merged 1 commit on Oct 19, 2023


dduportal

Related to jenkins-infra/helpdesk#3662, this PR removes resources that have been unused for months, since we moved VM agents away from AWS (ref. jenkins-infra/helpdesk#3502).

…nd the maintenance of their AMIs

Signed-off-by: Damien Duportal <damien.duportal@gmail.com>
Comment on lines -2 to -4
data "aws_iam_user" "jenkins_infra_ci" {
user_name = "jenkins-infra-ci"
}
Note: to be deleted manually (tracked in jenkins-infra/helpdesk#3662 (comment))

Comment on lines -57 to -59
data "aws_iam_user" "jenkins_ci" {
user_name = "jenkins-ci"
}
Note: to be deleted manually (tracked in jenkins-infra/helpdesk#3662 (comment))

@dduportal

Plan: 0 to add, 0 to change, 11 to destroy.

as expected

@dduportal dduportal merged commit 2c240e8 into jenkins-infra:main Oct 19, 2023
7 checks passed
@dduportal dduportal deleted the cleanup/ec2-agents-and-amis branch October 19, 2023 10:11
@dduportal

For info, the terraform apply of this PR failed with the following error:

Error: removing policy arn:aws:iam::<redacted>:policy/jenkins_ec2_agents from IAM User jenkins-ci: AccessDenied: User: arn:aws:iam::<redacted>:user/<redacted> is not authorized to perform: iam:DetachUserPolicy on resource: user jenkins-ci because no identity-based policy allows the iam:DetachUserPolicy action

3 times (for the 3 users: `updatecli`, `jenkins-ci` and `jenkins-infra-ci`).

Proposal: No need to add the permission iam:DetachUserPolicy to our technical users (in the private repo jenkins-infra/terraform-states) for safety reasons. Since this is a one-time operation, I'll detach the permissions from the users and will re-trigger the terraform job.

@dduportal

Done with success!
