-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
None
As for now we are using a IAM user to make deployments into AWS accounts. This user privileges are managed in foundation-internal-base project. The problem with this approach is that the mentioned project needs to be manually deployed, and on top of that is not that good practice to use a IAM user for that.
Thanks to Rubén from SRE Team we have now the AWS accounts enrolled in their AWS Control Tower setup, which means we can benefit from "good practices". Thus, we can start using the sre-platform platform role and other Jenkins SRE available functionality.
To migrate the pipelines the following actions should be done:
- Add the withAWS line to the pipeline
- Run terraform init command with the param: backend-config='role_arn=arn:aws:iam::<foundation_account_id>:role/sre-platform
- Modify the terraform provider
The pipelines to modify are:
After thar the jennkins user (arn:aws:iam::347299396223:user/jenkins.sre.magnolia-cloud.com) should be removed from the two AWS accounts: magnolia-core-expeimental and magnolia-core-production.
- is related to
-
BUILD-837 Extra common logic to switch accounts to a pipeline global library
- Closed